This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
HEATHCARSON
New Contributor
New Contributor
‎2017-04-17 04:13 PM

Limits of replica appliance

Jump to solution

We're using RSA SecurID Appliance version 3.1 running Auth Manager 7.1. We have a primary and a replica. Questions are: 

How long can the authentication replica service requests without having contact with the primary?

In what ways is the replica limited vs the primary. I.E. what functions can you not perform on the replica?

0 Likes
Reply
1 Solution

Accepted Solutions
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2017-04-17 04:20 PM

Jump to solution

A replica is a read only copy of the primary database, used to authenticate users on agents, but you cannot administer on a replica, cannot add new people, agents, assign tokens, etc...

A replica can be promoted to primary, either as a disaster recovery meaning the primary is dead, or a maintenance, meaning you want to attach the old primary as a replica to the newly promoted replica

 

The good thing about Auth manager is also the bad thing, it just keeps running.  AM 7.1 is at least 4 years out of date, maybe a lot more.  you'll need to look at migrating your 7.1 database to at least version 8.1 SP1 P15

View solution in original post

Reply
4 Replies
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
‎2017-04-17 04:20 PM

Jump to solution

A replica is a read only copy of the primary database, used to authenticate users on agents, but you cannot administer on a replica, cannot add new people, agents, assign tokens, etc...

A replica can be promoted to primary, either as a disaster recovery meaning the primary is dead, or a maintenance, meaning you want to attach the old primary as a replica to the newly promoted replica

 

The good thing about Auth manager is also the bad thing, it just keeps running.  AM 7.1 is at least 4 years out of date, maybe a lot more.  you'll need to look at migrating your 7.1 database to at least version 8.1 SP1 P15

Reply
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor
In response to JayGuillette
‎2017-04-17 04:22 PM

Jump to solution

also, if replication is broken, i.e. the primary is not sending changes to the replica, then your replica is getting out of date...if your site is stable this will only be a small problem, but with a big risk.  If your site changes often this is a bigger problem with bigger risk.  Look in Operations Console - Deployment Config - Instances - Status report to see if OK.  

Reply
BrianTwomey
Employee
Employee
‎2017-04-17 04:57 PM

Jump to solution

Another thing to be aware of in 7.x....the Primary will only keep so many days of data in queue for the replica...once that data gets overwritten the replica will be unrecoverable and must detached/reattached.....not to mention that the archive log table will continue to grow (on Primary) and if that hits 100 GB, the Primary will no longer function.

Reply
EdwardDavis
Employee
Employee
‎2017-04-18 08:12 AM

Jump to solution

a) a replica without a primary will authenticate things already in it's database indefinitely...forever it you want it to

 

b) a replica is in read only mode, no administrative actions can be done on a replica except things initiated by a user login action,

and that are already in some sort of change required mode, such a set a user pin/change a pin or lock out a user. 

Reply
© 2022 RSA Security LLC or its affiliates. All rights reserved.