Requesting access to RSA Authentication Manager Amazon Machine Image (AMI) for Amazon Web Services (AWS) environments
2 months ago
Originally Published: 2018-02-20
Article Number
000055180
Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition:  8.6, 8.7 and 8.8
Platform: Amazon Web Services
 

Issue
Existing RSA Authentication Manager customers must open an RSA support case to request access to the Authentication Manager AMI needed for AWS deployment.  
Tasks
  1. Contact RSA Support to open a case.
  2. If you opt to open your case using our web portal, be sure that the case subject is SecurID: AMI files request, and the RSA Version/Condition is set to the RSA Authentication Manager version you are requesting.
  3. Be sure to provide your AWS 12-digit account number (for example, ABC123456789; DEF123456789; 321123456789; JKL123456789). This might be part of the customer's Amazon login, for example account/userid@3211-2345-6789.
  4. Provide the AWS AMI version (for example, 8.7 or 8.8).

This AWS account number is mandatory when opening a case so that RSA can provide access to the AMI.

Resolution
There are two AWS clouds: Commercial and GovCloud, the latter of which is hosted on US soil and supported by US citizens. RSA has no way to tell which AWS cloud the license applies to unless the customer tells us. RSA will assume Commercial unless told otherwise.

After RSA has shared its AMI file with the customer, the customer logs on and opens EC2 to select an AMI. Customers should change their search filter from Public to Private and search for the word Authentication (do not search for AM). This is the same in either commercial AWS or GovCloud; the customer should see the RSA AMI file shared from RSA to their license.
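The same lookup can be done from the AWS CLI. This is an added example, not RSA's own tooling; the function names, the default regions, and the assumption that the shared AMI's name contains the word Authentication are assumptions of this example.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console search (Private filter + "Authentication").

# Reduce an account number to the 12 digits RSA asks for. Accepts the plain,
# hyphenated (3211-2345-6789) or login-style (account/userid@3211-2345-6789) form.
normalize_account_id() {
  id=$(printf '%s' "${1##*@}" | tr -d '-')   # drop login prefix and hyphens
  case "$id" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#id}" -eq 12 ] || return 1
  printf '%s\n' "$id"
}

# Default region for each AWS cloud (assumed defaults; pass your own if different).
region_for_cloud() {
  case "$1" in
    commercial) echo "us-east-1" ;;
    govcloud)   echo "us-gov-west-1" ;;
    *) return 1 ;;
  esac
}

# List private AMIs that were shared explicitly with the calling account and
# whose name contains "Authentication". OwnerId shows which account shared it.
find_shared_am_ami() {
  aws ec2 describe-images \
    --region "$1" \
    --executable-users self \
    --filters "Name=is-public,Values=false" "Name=name,Values=*Authentication*" \
    --query 'Images[].[ImageId,Name,OwnerId,CreationDate]' \
    --output table
}

main() {
  cloud="${1:-commercial}"
  account=$(normalize_account_id "${2:-}") || { echo "account number must be 12 digits" >&2; return 2; }
  region=$(region_for_cloud "$cloud") || { echo "cloud must be commercial or govcloud" >&2; return 2; }
  echo "Account number to quote in the RSA case: $account ($cloud)"
  find_shared_am_ami "$region"
}

# Usage: ./find-ami.sh govcloud 3211-2345-6789
if [ "$#" -gt 0 ]; then main "$@"; fi
```

An empty table means no AMI has been shared with the account in that cloud and region, which is the case when the support case named the wrong account number or the wrong cloud.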

In AWS, a Security Group (SG) is basically a set of firewall rules between AWS and their customers. RSA expects your SG to allow access from the customer site to the AWS private VPN cloud for the specific network ports needed to manage and use Authentication Manager hosted on AWS (see RSA Authentication Manager 8.7 Amazon Machine Image (AMI) Getting Started).

If a specific security group cannot be added to RSA Authentication Manager, use the default Security Group. Note that some things might not work; for example, Authentication Manager might not even deploy, per the instructions in the Getting Started Guide.

Some AWS client installations do not allow shared AMI deployments or instantiations. RSA does not have the means to build or create an Authentication Manager appliance on a customer's AWS using their AMI; that is, RSA cannot create an Authentication Manager appliance out of a customer's SUSE Enterprise Linux AMI by installing our software on top of their AMI. There is no Engineering document on this, and it is not supported, nor is RSA Customer Support even remotely equipped to attempt this. In this situation, uploading the RSA AMI via the customer VPN console also would not work.

 
Notes