Requests to Customer Support to Assist with Multi-tenant Installations in RSA Web Threat Detection
2 years ago
Originally Published: 2016-12-21
Article Number
000065832
Applies To
RSA Product Set: Web Threat Detection
RSA Product/Service Type: Mitigator
RSA Version/Condition: 5.0 - 6.1
Issue
Customers may try to create multi-tenant WTD systems by various means, and then run into trouble such as do seeing the certs and iptenancy files on the server being used for a tenant.  Customers sometimes find they are unable to create rules or see new cert info.  They are requesting Customer Support to assist in troubleshooting. 
Tasks
This is a request for implementation. As a general rule Customer Support's scope of day to day responsibilities does not cover issues resulting from Customer installed WTD software nor implementation problems. 

This responsibility is under the scope of Professional Services. 
Resolution
To explain more in depth for this particular request. 
  • Multitenancy(MT) requires more configuration than just cloning a server or two. So in some Customer scenarios they would have to set up manually and then consider importing the data they want to copy from an existing system like rules, attributes, tenants, etc.
  • The tenancy file (ipTenancy.eds) must be created using the UI by adding tenants manually. Doing this not only creates the eds file but also triggers other configuration items such as certs/keys/ and configuration folders.
          Note that both global and tenants should not be on one system. This can be achieved, but is not a supported/documented configuration and generally does not work.  
          There must be at least one separate system for each global and tenant processors.
 
However, the bottom line for this type of setup is that our Customers will need to engage Professional Services. MT is not something that can be short-cut, copy paste configured, as Customer Support has learned with some of our Customers the hard way, even with best efforts of CS engineers.

The implementation of a MT installation is not trivial and needs to be completed before trying to import other configurations. Please reach out or request Customer Support to provide the Sales Representative assigned to your organization in order to engage Professional Services 
 

Related Articles

Trending Articles

Don't see what you're looking for?