Deploying RSA SecurID 2FA Authentication Manager with Replica, Part-1

Md. Mahim Bin Firoj
Jun 23, 2024


Image credit: RSA

In this writeup, we will deploy RSA Authentication Manager (AM) 8.7 SP2.

We will deploy it on top of VMware infrastructure.

What do you need?

  • The AM .ova file.
  • License file.
  • Active Directory.
  • Create entries for 2fa-pri.gbpl.local and 2fa-rep.gbpl.local (in your case, use whatever names you wish).
  • NTP server is required but you can bypass that. I will show you.
  • Allow the necessary ports on the respective internal firewalls.
    https://community.rsa.com/s/article/Ports-for-the-RSA-Authentication-Manager-Instance
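
A pre-flight check for the name entries and the NTP server listed above, as an added example that is not part of the original writeup or of RSA's tooling. The names and addresses come from the IP plan in this article; the reverse-lookup check and the NTP host name `ntp.example.internal` are assumptions of this example.

```python
import socket
import struct
import time

# Names and addresses from the article's IP plan; substitute your own.
PLAN = {"2fa-pri.gbpl.local": "10.10.11.162", "2fa-rep.gbpl.local": "10.10.11.163"}
NTP_DELTA = 2208988800  # seconds between the NTP epoch (1900) and the Unix epoch (1970)

def check_names(plan, forward=socket.gethostbyname, reverse=socket.gethostbyaddr):
    """Return a list of problems; forward and reverse lookups must agree with the plan."""
    problems = []
    for name, ip in plan.items():
        try:
            got = forward(name)
            if got != ip:
                problems.append(f"{name} resolves to {got}, expected {ip}")
        except OSError as exc:
            problems.append(f"{name} does not resolve: {exc}")
        try:
            ptr = reverse(ip)[0].rstrip(".").lower()
            if ptr != name.lower():
                problems.append(f"{ip} reverse-resolves to {ptr}, expected {name}")
        except OSError as exc:
            problems.append(f"{ip} has no reverse entry: {exc}")
    return problems

def ntp_offset(reply, received_at):
    """Offset (server minus local, seconds) from an SNTP reply; network delay is ignored."""
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    mode, stratum = reply[0] & 0x07, reply[1]
    # Mode 4 is a server reply; stratum 0 or above 15 means the server is not synchronised.
    if mode != 4 or not 1 <= stratum <= 15:
        raise ValueError(f"unusable reply (mode={mode}, stratum={stratum})")
    secs, frac = struct.unpack("!II", reply[40:48])  # transmit timestamp field
    return (secs - NTP_DELTA + frac / 2**32) - received_at

def query_ntp(server, timeout=3.0):
    """Send one SNTP client request (version 3, mode 3) to UDP port 123."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(b"\x1b" + bytes(47), (server, 123))
        reply, _ = sock.recvfrom(512)
    return ntp_offset(reply, time.time())

if __name__ == "__main__":
    for problem in check_names(PLAN):
        print("NAME:", problem)
    try:
        print(f"NTP offset: {query_ntp('ntp.example.internal'):+.3f} s")  # placeholder host
    except (OSError, ValueError) as exc:
        print("NTP:", exc)
```

Run it from a machine on the same network as the planned instances; an empty name report and a small NTP offset mean both prerequisites are in place.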

I am assuming that your company has a partnership with RSA and that you have already created a partner account with RSA. You can then purchase the license via any distributor. We purchased the NFR (Not for Resale) license and received the link to download the necessary files from RSA.

Because of this, the portal gave us the RSA AM VMware .ova file, the Hyper-V virtual appliance .zip file, the RSA update ISO file, the license file and so on. We downloaded the 8.7 SP2 VMware .ova file along with the license file.

Now let's log in to our ESXi host and deploy the OVA.

Click here.
Click on Deploy a virtual machine from an OVF or OVA file

Choose any name you wish and browse to the location where you placed your .ova file.

Click next

For the network mappings we chose VM Network because it is connected to the internet. Your case could be different. You do not need to provide an internet connection to RSA AM. We also set Disk Provisioning to Thin because we want the VM to automatically get whatever disk space it requires from the storage.

Just pass through this step by clicking Next: we have seen that even if you fill in the entries here, you need to give the same entries again during the main VM installation.

We connected to the 10.10.11.164 host via RDP, accessed ESXi from there and completed the rest of the tasks.

In the same way, create another VM for the replica instance.

IP structure:

RSA 2FA PRI 10.10.11.162

RSA 2FA REP 10.10.11.163

The replica VM is also done. Now we will launch the primary VM.

This is our VM hardware information. Maximize the VM.

This is the information that you need to provide; then press y to continue.

Wait for the process to finish.

Copy the setup access code and open the URL. The default username and password are rsadmin:rsaadmin

If you need to log in to the machine in order to disable iptables, you can do that.

Provide the access code and click on next.

In the next page, accept the license agreement.

Click here
Select the license zip file and click on open
Click on upload

If the license is uploaded successfully, you will see the above information. Click next.

We have given the AD server IP as the NTP server. In production you should provide the IP of a functional NTP server. Click next.

Provide the operating system password, which needs to be 8–32 characters long and contain at least one special character and one numeric character.

Similarly, create the scadmin and ocadmin usernames and passwords. Click next.

It will take 10–15 minutes to complete the whole process.

Once it completes, you will see the above page. Click those links to access the consoles.

Accessing sc console
Accessing oc console

From the Security Console > Setup > Licenses > Status you can see the license status.

Now we need to generate the replica package from the Operations Console.

Download it.

In the next part we will deploy the replica instance, configure it and attach it to the primary instance.

Here is the link of Part-2:
