Username: rsatest
Passcode: 12345678
Passcode Accepted
Authentication successful
Continue? [y/n] y
Username: rsatest
Passcode: 12345678
Access Denied
Passcode: 12345678
Access Denied
Passcode: 12345678
Access Denied
Authentication incomplete
Continue? [y/n]

This article assumes that RSA Authentication Manager software has already been deployed as a primary instance, with or without replica instances in a deployment and that RSA Authentication Agent API for Java sample code has been compiled and ready to use.

Environment

• Two separate networks with no routing between them.
• RSA Authentication Manager primary instance eth0 is configured on one network and eth1 is configured on the second network.
• Microsoft Windows platform with two network card interfaces (NICs), where each NIC is connected to the two networks hosting the RSA Authentication Agent API for Java (for this example, 2k8r2-agent) .

Network diagram

 Steps

1. Ensure the RSA Authentication Manager instance eth0 and eth1 interfaces are correctly set up in the Operations Console (Administration > Network > Appliance Network Settings.  An example on the primary is as follows:

2. Set up the local host file on each of the Authentication Manager instance in the deployment.  From the Operations Console,
   1. Navigate to Administration > Network > Hosts File > Add New.
   2. Add hosts entry for the Microsoft Windows platform eth0 IP address and associated hostname.
   3. Add hosts entry for the Microsoft Windows platform eth1 IP address and associated hostname.
   4. Add all of the Authentication Manager instance IP addresses and hostnames.

3. Using the Security Console on the primary instance, add the eth1 IP addresses as Alternative IP Addresses for the Authentication Manager instance(s). Navigate to Setup > System Settings. Under Advanced Settings > Alternative Instance IP Addresses, enter the eth1 IP address in the Alternative IP Address field, as shown here:

 

4. Perform an automatic rebalance using the Security Console on the primary instance (Access > Authentication Agents > Authentication Manager Contact List > Automatic Rebalance.  Click Rebalance).  The primary and replica (or replicas) will appear in the Authentication Manager Contact Lists.  For example:

5. Generate a configuration record (Access > Authentication Agents > Generate Configuration File.  Click Generate Config File then click the Download Now button. Copy the AM_Config.zip file on the Microsoft platform hosting the RSA Authentication Agent API for Java software.

6. Update (or add) the Authentication Agent in the Security Console (Access > Authentication Agents > Manage Existing (or Add New).  Enter the host name of the agent, enter the IP address from eth0 of the agent and enter the eth1 IP address into Alternative IP Address.

7. For this example the RSA Authentication Agent API for Java has been unpacked into the C:\RSA\JavaAPI folder on the supported Microsoft platform.  The example code is therefore found in the C:\RSA\JavaAPI\examples\sample folder along with the rsa_api.properties, the configuration record (sdconf.rec) and sdopts.rec.

rsa_api.properties

• To use eth0: RSA_AGENT_HOST=192.168.254.120
• To use eth1: RSA_AGENT_HOST=192.168.2.120
• SDCONF_LOC=sdconf.rec
• SDOPTS_LOC=sdopts.rec

sdopts.rec

CLIENT_IP=192.168.2.120
USESERVER=192.168.2.102,10
USESERVER=192.168.2.110,10
USESERVER=192.168.2.111,10
USESERVER=192.168.2.112,10
USESERVER=192.168.254.102,10
USESERVER=192.168.254.110,10
USESERVER=192.168.254.111,10
USESERVER=192.168.254.112,10

The sdopts.rec file is a text file that an administrator will manually create for an RSA Authentication Agent for manual load balancing. The sdopts.rec file is not generated by Authentication Manager or the agent.