
KevinConway (Customer) asked a question.
Hi,
We are scheduled to replace our older RSA Virtual Appliances with new Physical Appliances. The overall plan is as follows:
Delete the current Replica
Attach the new Replica to the existing Primary and ensure replication
Promote the new Replica to be the Primary and ensure Replication
Attach the new Replica to the new Primary
If the Primary and Replica replacements are retaining their original host names and IP Addresses, do I still need to perform an automatic rebalance in the Security Console of the Primary, and generate a new sdconf.rec file for any existing Radius Clients? I don't think so but I want to make sure that there are no manual updates to our Authentication Agents or Radius Clients. It may be best to just do the automatic rebalance to be on the safe side when replacing the first Replica.
Is there anything else I may be forgetting to do for any existing Radius Clients or Authentication Agents? I just need to generate the sdconf.rec file for adding any new agents/clients post migration, correct?
Thanks,
Kevin C.
Depends on the agent.
For older AAWin UDP port 5500 agents, No, because the agent will resolve the name and find the new replica by the old name. But it won't hurt.
MFA agents using TCP port 5555 also need the console certificate for TLS encryption, so if you use replacement console certificates, you would need a replacement console cert on this new replica signed by the same Root CA. So again no as long as you take care of replacement console certs. But again, it won't hurt.
Automatic rebalance [which apparently is not so automatic] checks all replicas and adds them to the sdconf.rec file. If you open sdconf.rec with Notepad++ you can see your servers' FQDN delimited after
<bootstrap:Connection Location="
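One way to check which servers a given sdconf.rec lists, for instance after a rebalance, without opening it in an editor. This is an added example, not from the original thread or from RSA; it assumes the value after the marker quoted above runs to the next double quote, and the sample bytes and host names are constructed.

```python
import re
import sys

# Marker quoted in the answer above. Assumption: the value runs to the next
# double quote and contains no control bytes.
MARKER = re.compile(rb'<bootstrap:Connection\s+Location="([^"\x00-\x1f]{1,255})"')

# Constructed sample, NOT a real sdconf.rec layout: some binary padding around
# two marker occurrences with made-up host names.
SAMPLE = (
    b"\x00\x03\x7f\x00"
    b'<bootstrap:Connection Location="am-primary.example.com"/>'
    b"\x00\x00"
    b'<bootstrap:Connection Location="AM-Replica.example.com"/>'
    b"\x00"
)


def listed_servers(blob):
    """Return the Location values in file order, lowercased and de-duplicated."""
    out = []
    for match in MARKER.finditer(blob):
        host = match.group(1).decode("ascii", errors="replace").lower()
        if host not in out:
            out.append(host)
    return out


def compare(blob, expected):
    """Diff the servers in the file against the host names you expect."""
    found = set(listed_servers(blob))
    want = {h.lower() for h in expected}
    return {"missing": sorted(want - found), "unexpected": sorted(found - want)}


if __name__ == "__main__":
    # Usage: script.py path/to/sdconf.rec primary.fqdn replica.fqdn ...
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
        expected = sys.argv[2:]
    else:
        data, expected = SAMPLE, ["am-primary.example.com", "am-replica.example.com"]
    print("listed:", listed_servers(data))
    print("diff:", compare(data, expected))
```

An empty "missing" list means every expected host name appears in the file; anything under "unexpected" is a server entry worth checking before the file is handed to a new agent.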