RSA Authentication Manager 6.1 Administrator's Guide - The Ether ...

More documents

Recommendations

Info

RSA Authentication Manager 6.1 Administrator’s GuideEach Agent Host registered in the Authentication Manager database can have its ownlist of authorized RSA SecurID users. You create this list by activating users on theAgent Host or by making users members of groups that are activated on the AgentHost. You also have the option of designating “open” Agent Hosts without specificuser or group activations.The following table shows what categories of users are allowed access to each type ofAgent Host. Note that an open Agent Host can optionally be instructed to search otherrealms for users who are not known locally. However, these users must belong torealms that are registered in your RSA Authentication Manager database.Agent HostConfigurationSet up with lists of activatedusers and groupsOpen, set to look up users inregistered realmsAvailability to Users inLocal DatabaseOpen to valid activated usersand members of activatedgroupsOpen to all valid usersAvailability to OutsideUsersOpen to valid activated usersand members of activatedgroups, provided users’realms are locally registeredOpen to all valid users,provided users’ realms arelocally registeredOpen, no lookup Open to all valid users No accessFor more information about Agents and Agent Host activation, see Chapter 3, “Agentsand Activation on Agent Hosts.”RSA Authentication Agent software installed on Agent Hosts or integrated intorouters, communication servers, VPN servers, web servers, and firewalls performs thefollowing functions as part of the authentication process:• Responds to logon attempts with a request for an RSA SecurID passcode• If the user’s computer is online (connected to a network), sends the user’sresponse to the Authentication Manager for verification that the user is authorizedto use resources on the Agent Host• If the user’s computer is offline (disconnected from the network), works withother RSA Security software on the user’s machine to perform an offlineauthentication (RSA Authentication Agent 6.1 only)• After a user’s machine reconnects to a network, sends offline authentication logdata to the RSA Authentication Manager for incorporation into the log database• Verifies the authenticity of the RSA Authentication Manager so that no othermachine can masquerade as the Authentication Manager to capture security data• Encrypts and decrypts messages sent between the Agent Host andthe Authentication Manager24 1: Overview
RSA Authentication Manager 6.1 Administrator’s GuideThe RSA Authentication Manager provides:• Continuous authentication service to Agent Hosts• Offline authentication data to computers whose users are often disconnected fromthe network (computers with RSA Authentication Agent 6.1 only)• Cross-realm authentication services for users visiting from other realms• Administrative functions for the Authentication Manager system (on the Primaryonly—administrative functions are limited on Replicas)• Real-time monitoring of RSA SecurID authentication and administrative activityAutomatic Load BalancingVersion 5.0 (and later) RSA Authentication Agents can do automatic load balancingby polling the Authentication Managers and selecting the one that responds mostquickly to an authentication request. You can also balance the load manually byconfiguring Agents to give higher priority to different Authentication Managers. Formore information, see “Load Balancing by Agent Hosts” on page 69.Authentication Manager and Agent Host Communication ThroughFirewallsAn RSA Authentication Agent Host can use up to three alias Authentication ManagerIP addresses to communicate with an RSA Authentication Manager that is located onthe other side of one or more firewalls. When one of these firewalls intercepts anauthentication request, it recognizes one of the Authentication Manager’s alias IPaddresses and uses an established protocol to match the alias with a valid IP address.For information on setting alias Authentication Manager IP addresses, see theWindows Installation Guide.The configuration file of an Agent Host separated from the Authentication Managerby a firewall must contain the list of available aliases. If you have legacy Agent Hoststhat must authenticate through a firewall, and you want to use an alias IP address thatis not listed in the database as an available alias, you can use the Configuration RecordEditor to edit the Acting Master and Slave Authentication Manager fields in anysdconf.rec file. For more information, see “Legacy Agent Hosts” on page 75.Legacy Agent SupportTwo changes in RSA Authentication Manager 5.0 (and later) architecture improvedauthentication rates over previous major versions: the use of multiple authenticatingReplicas and the ability of the new RSA Authentication Agent software to select theReplica that will respond most quickly to an authentication request. The new Agentsoftware is aware of all the Replicas in your realm and can send authenticationrequests to any one of them.Lacking this ability, Agent Hosts running versions of RSA ACE/Agent software prior to5.0 can authenticate users against only the Master or the Slave, because the Agent Host’sconfiguration file (sdconf.rec) identifies only these two Authentication Managers.For more information about legacy Agent issues, see “Legacy Agent Hosts” on page 75.1: Overview 25
Page 1 and 2: RSA Authentication Manager 6.1Admin
Page 3: RSA Authentication Manager 6.1 Admi
Page 6 and 7: RSA Authentication Manager 6.1 Admi
Page 75 and 76:
RSA Authentication Manager 6.1 Admi
Page 77 and 78:
Page 79:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245:
Page 248 and 249:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
Page 329 and 330:
Page 331 and 332:
Page 333 and 334:
Page 335 and 336:
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358:
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366:
Page 367 and 368:
Page 369 and 370:
Page 371 and 372:
Page 373 and 374:
Page 375 and 376:
Page 377 and 378:
Page 379 and 380:
Page 381 and 382:
Page 383 and 384:
Page 385 and 386:
Page 387 and 388:
Page 389 and 390:
Page 391 and 392:
Page 393 and 394:
Page 395 and 396:
Page 397 and 398:
Page 399 and 400:
Page 401 and 402:
Page 403 and 404:
Page 405 and 406:
Page 407 and 408:
Page 409 and 410:
Page 411 and 412:
Page 413 and 414:
Page 415 and 416:
Page 417 and 418:
Page 419 and 420:
Page 421 and 422:
Page 423 and 424:
Page 425 and 426:
Page 427 and 428:
Page 429 and 430:
Page 431:
Page 434 and 435:
Page 437 and 438:
Page 439 and 440:
Page 441 and 442:
Page 443 and 444:
Page 445 and 446:
show all

RSA Authentication Manager 6.1 Administrator's Guide - The Ether ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?