RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Q: Is it necessary to have the original primary to be online and functional during the process of replica promotion?
A: Yes, It is mandatory to have the original primary instance online and fully functional during the process of replica promotion.* * *
Q: Who can initiate the process for replica promotion for maintenance?
A: An Operations Console administrator can initiate promotion for maintenance from the Operations Console of the replica instance that is to be promoted. To complete this task,- Logon to the Operations Console of the replica instance to be promoted as primary.
- Navigate to Deployment Configuration > Replica Promotion > For Maintenance > Promote to Primary.
- Verify the instance details and click Run Pre-Promotion Check. The progress monitor displays the progress of the promotion operation on the replica instance that is being promoted.
* * *
Q: Will the original primary instance automatically be demoted to be the replica instance during the process of replica promotion for maintenance?
A: After promotion, the original primary instance is demoted to a replica instance.* * *
Q: Is it necessary to have all the replica instances online and functioning during the replica promotion process for maintenance?
A: It is important to take note that during the promotion for maintenance, the primary instance and all replica instances must be online and functioning. * * *
Q: What are the services and instances that are affected during the promotion process for maintenance?
A: During the promotion process, authentication, administration, and self-service will be unavailable on the primary and replica instance involved in promotion.
* * *
Q: Will the other replicas be available for authentications during the process of replica promotion for maintenance?
A: Authentications remains available on additional replicas in the deployment apart from the replica which is identified for promotion.
* * *
Q: Will the old primary be automatically re-attached as the replica to the new primary (that is, the newly promoted replica)?
A: After promotion, the original primary instance is demoted to a replica instance and is automatically synchronized with the new primary instance. All additional replica instances are automatically connected to the new primary instance.
* * *
Q: What are the impacts on the web tier during the process of replica promotion for maintenance?
A: If the deployment includes a web tier, restart the services for each web tier after promotion. * * *
Q: What are the impacts on the RSA RADIUS server during the process of replica promotion for maintenance?
A: It is mandatory to initiate RADIUS data replication to synchronize the RADIUS server on each replica instance with the RADIUS server on the new primary instance. To complete this task,
- Logon to the Security Console of the new primary instance.
- Navigate to RADIUS > RADIUS Servers.
- Click Initiate Replication.
Apart from the information above, it is important to ensure that the replica instance being promoted can reach the original primary and all other replica instances on the following ports.
7002 TCP
-
Used for communication between an Authentication Manager primary and replica instances and for communication between replica instances
-
Used by the RSA application programming interface (API).
* * *
7022 TCP
-
Used for communication between Authentication Manager primary and replica instances and for communication between replica instances (for replay detection). Used to communicate with trusted realms.
-
Allows communication between the RSA Authentication Manager appliance and its' web tier.
* * *
7072 TCP
-
Required for administering the RSA Authentication Manager deployment from the Operations Console.
-
Accepts requests for Operations Console functions.
* * *
1812 TCP
-
This port is used for communication between primary RADIUS and replica RADIUS services.
-
Even If the RSA RADIUS is not in use, but if the deployment has replica instances then it is a must to allow connections between Authentication Manager instances on this port.
-
Restrict connections from other systems that are not Authentication Manager instances.
* * *
1813 TCP
-
This port is used to administer RADIUS from the Security Console over the protected RADIUS remote administration channel.
-
Restrict connections from other systems that are not Authentication Manager instances.
Related Articles
Port Traffic for RSA Authentication Manager Number of Views RADIUS client is unable to authenticate against replica instance in the RSA Authentication Manager 8.x Number of Views Testing TCP ports on RSA Authentication Manager 8.x instances with a script (Script attached) Number of Views Software update using RSA Authentication Manager 8.4 patch 2 fails on an Authentication Manager instance. Number of Views Ports for the RSA Authentication Manager Instance Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Deploying RSA Authenticator 6.2.2 for Windows Using DISM RSA MFA Agent 2.4 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) Downloading RSA Authentication Manager license files or RSA Software token seed records
