RSA Authentication Manager 6.1 Administrator's Guide - The Ether ...

More documents

Recommendations

Info

RSA Authentication Manager 6.1 Administrator’s GuideCross-Realm ModelIn the RSA Authentication Manager context, each instance of a Primary and itsReplicas is called a realm. A single installation can include multiple realms, and youcan configure a realm to authenticate and allow access to users from other realms.This is called “cross-realm” authentication.Important: This section refers to implementations with multiple Realms and isapplicable only to RSA Authentication Manager Advanced license customers. For adescription of the licensing options, see Appendix A, “Licensing.”Multiple realms may not be needed in your installation. RSA AuthenticationManager 6.1 allows each Primary to have up to 10 Replicas, greatly increasing theload one realm can handle. If your installation initially includes one Primary and twoReplicas, you can add additional Replicas, at different physical locations, as your userbase grows.If you have a very large number of users or want to install Primary AuthenticationManagers at widely separated sites, you may decide to use multiple realms. If so, youhave to configure each realm specifically to accept and authenticate users from otherrealms.A user’s Home realm is the realm where that user was added to the database and wherehis or her user record is stored. A Remote realm is any realm that authenticates a userwhose record is not stored in its own database.When you add a realm to your database, you must specify the Primary in the remoterealm and one or two Authentication Managers in the remote realm that authenticatevisitors from that realm. You must also specify one or two Authentication Managers inyour own realm that authenticate users from your realm when they are visiting theremote realm. If, as RSA Security recommends, you specify two AuthenticationManagers in each realm for cross-realm authentications, one is designated thepreferred Authentication Manager and the other the failover Authentication Manager,to be used when the preferred Authentication Manager is unavailable.26 1: Overview
RSA Authentication Manager 6.1 Administrator’s GuideThe following diagram illustrates the course of a cross-realm authentication.Cross-Realm AuthenticationRealm ARealm BPrimaryServerPrimaryServerMELVILLEHOPPERWHITMAN CLEMENS DICKINSON JAMESUser'sWorkstationReplica Servers172ALCOTT6AgentHost345Replica ServersCASSATT OKEEFE EAKINS WHISTLER1. A user from Realm B attempts to log on to Agent Host ALCOTT in Realm A.2. The Agent Host passes the request to Replica JAMES, where theRSA Authentication Manager 6.1 software checks the database and does not findthe user.3. Authentication Manager JAMES polls the preferred Authentication Manager (orif it is unavailable, the failover Authentication Manager) in each realm registeredin the Realm A database until it finds the Authentication Manager—CASSATT inRealm B—that has a user record for the visiting user.4. Authentication Manager JAMES sends the authentication request to CASSATT.(If CASSATT is unavailable, the request goes to OKEEFE, which is listed in therealm record as the failover Authentication Manager.)5. The RSA Authentication Manager 6.1 software on CASSATT in Realm Bauthenticates the user and passes this information back to JAMES in Realm A.6. JAMES informs Agent Host ALCOTT that the user is authenticated.7. The RSA Authentication Agent on ALCOTT admits the user to the network.To Begin: Click Realm > Add Realm. Click Help for directions.1: Overview 27
Page 1 and 2: RSA Authentication Manager 6.1Admin
Page 3: RSA Authentication Manager 6.1 Admi
Page 6 and 7: RSA Authentication Manager 6.1 Admi
Page 77 and 78:
RSA Authentication Manager 6.1 Admi
Page 79:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Page 241 and 242:
Page 243 and 244:
Page 245:
Page 248 and 249:
Page 251 and 252:
Page 253 and 254:
Page 255 and 256:
Page 257 and 258:
Page 259 and 260:
Page 261:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
Page 274 and 275:
Page 277 and 278:
Page 279 and 280:
Page 281 and 282:
Page 283 and 284:
Page 285 and 286:
Page 287 and 288:
Page 289 and 290:
Page 291 and 292:
Page 293 and 294:
Page 295 and 296:
Page 297 and 298:
Page 299 and 300:
Page 301 and 302:
Page 303 and 304:
Page 305 and 306:
Page 307 and 308:
Page 309 and 310:
Page 311 and 312:
Page 313 and 314:
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Page 323 and 324:
Page 325 and 326:
Page 327 and 328:
Page 329 and 330:
Page 331 and 332:
Page 333 and 334:
Page 335 and 336:
Page 337 and 338:
Page 339 and 340:
Page 341 and 342:
Page 343 and 344:
Page 345 and 346:
Page 347 and 348:
Page 349 and 350:
Page 351 and 352:
Page 353 and 354:
Page 355 and 356:
Page 357 and 358:
Page 359 and 360:
Page 361 and 362:
Page 363 and 364:
Page 365 and 366:
Page 367 and 368:
Page 369 and 370:
Page 371 and 372:
Page 373 and 374:
Page 375 and 376:
Page 377 and 378:
Page 379 and 380:
Page 381 and 382:
Page 383 and 384:
Page 385 and 386:
Page 387 and 388:
Page 389 and 390:
Page 391 and 392:
Page 393 and 394:
Page 395 and 396:
Page 397 and 398:
Page 399 and 400:
Page 401 and 402:
Page 403 and 404:
Page 405 and 406:
Page 407 and 408:
Page 409 and 410:
Page 411 and 412:
Page 413 and 414:
Page 415 and 416:
Page 417 and 418:
Page 419 and 420:
Page 421 and 422:
Page 423 and 424:
Page 425 and 426:
Page 427 and 428:
Page 429 and 430:
Page 431:
Page 434 and 435:
Page 437 and 438:
Page 439 and 440:
Page 441 and 442:
Page 443 and 444:
Page 445 and 446:
show all

RSA Authentication Manager 6.1 Administrator's Guide - The Ether ...

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?