This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
LaneFrazier
Contributor
Contributor
‎2018-10-09 03:07 PM

Prudent Preparations before Upgrading RSA Auth Mgr 8.`

I apologize in advance for what seems to be a rather dumb question...

 

We run on the Suse Linux platform not windows

 

We are in the planning stages of preparing to upgrade our RSA 8.1 sp1 system to at least 8.2 possibly 8.3

We run on appliances, not on VMware totally yet except for one replica. We have 1 primary appliance and 2 other replica appliances.

 

We do daily backups of the Primary system on a scheduled basis. But because is an appliance -  snapshots and clones we don't have.

 

From what I can tell about the only option available to backup the total image on the appliance is to use the freebie PING software. You create a bootable DVD from the downloadable iso file.

 

So making a backup of the primary requires you to shut down the primary appliance, boot off the PING CD and backup your appliance to a network share.

 

I guess this is the way it needs to be if you are not running VMware, but it seems a rather disruptive set of steps to go thru. One question that comes to mind is: Do authentications continue with your replicas while your Primary is shutdown and backing up ?

 

Is there a better way I'm not thinking of ? Other options

 

So my question is this. On upgrades....applying patches you can back out the changes if you had to, but major upgrades like going from 8.1 to 8.2 then 8.3 are not.  Is taking a PING backup the only solution for non VMware appliance users ?

 

If for some reason an upgrade went south on you what other options would I have at my disposal. I'm on 8.1 sp1 currently. Finding the original CD rom the system came with is probably out of the question. I have no idea where it is presently

 

So my question is are there any other ways to prepare to restore in case of a major issue during the upgrade.

Only thing I can think of would be to spin up a VMware quickly, re-install with the 8.1 ova file...reapply sp1 and patch 3 and restore my daily backup file and be back where I started.

0 Likes
Reply
6 Replies
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2018-10-09 03:38 PM

Lane Frazier‌,

 

I've moved your question to the RSA SecurID Access" data-type="space space where it will be seen by the product's support engineers, other customers and partners.  Please bookmark this page and use it when you have product-specific questions.

 

Alternatively, from the RSA Customer Support" data-type="space page, click on Ask A Question on the blue navigation bar and choose Ask A Product Related Question.  From there, scroll to RSA SecurID Access" data-type="space and click Ask A Question.  That way your question will appear in the correct space.

 

 

Regards,

Erica

0 Likes
Reply
EdwardDavis
Employee
Employee
‎2018-10-09 05:04 PM

1) Do authentications continue with your replicas while your Primary is shutdown and backing up ?

 

yes

 

2) So my question is this. On upgrades....applying patches you can back out the changes if you had to, but major upgrades like going from 8.1 to 8.2 then 8.3 are not.  Is taking a PING backup the only solution for non VMware appliance users ?

 

If for some reason an upgrade went south on you what other options would I have at my disposal. I'm on 8.1 sp1 currently. Finding the original CD rom the system came with is probably out of the question. I have no idea where it is presently

 

So my question is are there any other ways to prepare to restore in case of a major issue during the upgrade.

Only thing I can think of would be to spin up a VMware quickly, re-install with the 8.1 ova file...reapply sp1 and patch 3 and restore my daily backup file and be back where I started.

----

Backups are version specific. If you need to rebuild, you can burn the appliance to the highest base image (we have factory images to burn to DVD and reimage the hardware to 8.2, 8.2 sp1, or 8.3) and then patch it to match the level that made the backup, and restore the backup. 

https://community.rsa.com/docs/DOC-65190?sr=search&searchId=ea916e6c-eb89-44cb-9ec3-1a648ae3ea89&searchIndex=1 

Factory images are in the archive and main sections of where you download the full installers. Also OVA files of 8.1, 8.2, 8.2 sp1, and 8.3. 

PING is nice because if you did a PING restore the system goes right back as though it were a snapshot. Without PING the systems can be rebuilt/recovered but you may need to do more admin work to get everything back in action they way it was. (factory image, then the sub-patch level, then a restore, and might need to redeploy replicas).

If an upgrade goes south it still only means one system is affected, the others are still running and users are authenticating. 

Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
In response to EdwardDavis
‎2018-10-09 10:17 PM

PING backup works great on the Dell R710 and R210 models, but we have seen some problems with the Dell R630 if you also try to do it through an iDrac instead of through the console.

Here's a 9+ minute video on patching,  Video Link : 32399 

Reply
LaneFrazier
Contributor
Contributor
In response to JayGuillette
‎2018-10-10 09:36 AM

I have the latest PING software downloaded from ping.windowsdream.com

 

I'm guessing by the iso that it is PING 4.0

 

My hardware appliance is an Intel A130

 

Anyone happen to know if this level of PING software is compatible with

this hardware. ?

 

Also it would seem that what is going to be backed up is about 10GB...i'll

back it up to a share on our network. Any guess as to how long the backup

might run....20-30 min an hour ?

 

Obviously I'm backing up my Primary appliance. Have never done this before

so I'm a little apprehensive. My primary has been running almost 3 yrs

without a reboot.

 

I wish their was an easier way....I hate having to shut it down and boot

off a burned DVD

 

the message I'm getting is get off of appliances and get on VMWARE where

snapshots are easier

 

 

Lane Frazier

0 Likes
Reply
EdwardDavis
Employee
Employee
In response to LaneFrazier
‎2018-10-10 04:21 PM

You might want to test your PING on a replica. It is harmless... but....decide which RSA server is least important right now, and use that one to work out PING actions. Perhaps a replica would be a good choice as a prod/dev machine. Ping took me 28 minutes to create the systemVG-LVroot.gz.00x files on a Dell R210 with one million active users to a windows share. So....plan on 45 mins to an hour is a good all around guess. The only problem I ever had with PING was...PING 4 did not recognize my Dell R210 USB, so I had no way to connect a keyboard. I used Ping 3 and it did recognize my older Dell hardware and worked fine.

 

This KB article may be used for the keyboard problem when using PING 4.x

https://community.rsa.com/docs/DOC-95730?sr=search&searchId=34cb1e27-2407-43fc-b8ea-e489d69e9b9d&searchIndex=0 

Reply
LaneFrazier
Contributor
Contributor
‎2019-01-04 09:19 AM

Hello everyone,

 

I still have some questions about some prudent preps before upgrades.

 

My environment is Intel Hardware appliance as a primary and 2 other replicas appliances with a couple VMWARE replicas. All Linux based not Windows.

 

We still run AM 8.1 SP1 P3 and we are going to begin the process soon of trying to move all the way to 8.4

 

we know we have to got to 8.2 first then 8.3 then 8.4

 

My question still deals with how to prepare for some unforeseen issue that might occur during upgrade. My concern is with my Primary. I have reviewed the following

https://community.rsa.com/docs/DOC-62265

https://community.rsa.com/thread/192973

 

I have had to rebuild a replica on a appliance before so I have the 8.1 iso file on CD burned. But that was rebuilding a replica and it gets synced back up with the primary once its back online.

 

My question is this. It seems that there is really not great way to do a standalone backup of primary appliance short of using a unsupported product called PING   PING Rel 4 is the only one that seems to be available and its iffy at best.

 

If something bad where to happen to my Primary appliance during upgrade what's the best way to get back like I was ?

 

Reset to factory with iso file and then restore my latest backup file that we make nightly on Operations console

 

Or would it be to punt and promote one of my VMware replicas to a Primary

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.