I have to deploy numerous application servers into an AWS VPC. As a result, the 'authentication agent' IP address can change when the server is rebooted/restarted. I have 3 x /24 networks assigned, for PROD, PRE-PROD and DEV.
These servers are running RHEL 7.0.
No Windows servers will be deployed
What is the most suitable configuration and/or method to 'dynamically' add the agents to the RSA Authentication Manager, regardless of which of the /24 networks the IP address comes from?
RSA Authentication Manager - v8.4 P 04
One of my developers has found some information from the SDK documentation.
"From what I read, this method doesn't require an IP address to be stored. It also mentions the encryption. From what I understand, that means we can set the same "AGENT_NAME" on all of our hosts. If we use the Agent-Server Trust Model, it appears an IP address is not required. 'This new trust mechanism is considered more secure and IP-agnostic.'"
RSA Agents can send authentication requests over UDP port 5500 (the most common way), but the newer agents can also be configured to use UDP or TCP/REST. Agents that can use TCP/REST are typically name-based rather than IP-based in their configuration. Refer to the documentation and setup instructions for using TCP/REST if your agent allows it.