140 likes | 863 Views
RSA SecurID Appliance Setup & Administration. Michal Červinka SOFT-TRONIK, a.s. michal.cervinka @soft-tronik.cz. More about HW. Intel Pentium 4 Celeron 2.53 GHz Processor. Intel 865G + ICH5 Chipset Intel 2x 1Gigabit & 2x 10/100 Ethernet Controller
E N D
RSA SecurID ApplianceSetup & Administration Michal Červinka SOFT-TRONIK, a.s. michal.cervinka@soft-tronik.cz
More about HW • Intel Pentium 4 Celeron 2.53 GHz Processor. • Intel 865G + ICH5 Chipset • Intel 2x 1Gigabit & 2x 10/100 Ethernet Controller • 512MB DDR400 Memory Module (Support Memory up to 4GB.) • 1x3.5" SATAII 80GB HDD • 1 X Keyboard Port, 1 X VGA Port • 3 X USB 2.0 interface (you can use USB memory dev.) • 3 X Cooling FAN (2 - System / 1 - Power Supply) • Power Supply 350W, Cons. 160W • 1U Rack Mount Form Factor
More about SW • Hardened Windows 2003 Server Standard Edition • RSA Authentication Manager 6.1 • RSA Authentication Agent 6.1 for Windows (local auth.) • RSA Authentication Agent 5.6 for IIS • Web Administration Application • RSA Radius Server 6.1 • SNMP Agent Plug-in
Initial Setup • appliance address displayed on LCD, address your laptop and connect to https://192.168.100.100:8098 • user name administrator and the temporary password [RSAAppliance] (including the brackets) • choose primary / replica setup • go through the QuickSetup wizzard • set date and time • change administrator password • hostname, domainname, IP settings • provide license • import token records • assign token to administrator and test • enable authentication and finish
Understanding Admin Accounts • Administrator – standard admin, always requires token, consumes a license • AdminWebUser – internal (web server) use, don’t change • rsaLocalAdmin – emergency access only • Create more …
Basic Appliance Administration • simple, intuitive web-based administration interface (https://<appliance>:8098) • “Administrator” – instant standard admin account • Token authentication is a “must”
Advanced Appliance Administration • Windows Server administration via RDP over SSL • Traditional Authentication Manager admin tools via RDP over SSL • Traditional AM remote console
Emergency Access • turn-off • connect keyboard+monitor • turn-on • Login as rsaLocalAdmin • run db-admin
Resetting to Factory Defaults • turn off • turn on • on the first beep turn the dial clockwise • You will loose all the upgrades and optional installations
Backup • Online-backup script: c:\authmgr\scripts\rotatebackup.bat • Creates MS .cab file • By default runs once a week (windows scheduler) • Accessible at https://<appliance>:8098/admin/ACE/backup_dwnld.asp
Restore • Copy .cab to the appliance and unpack • Stop AM services • Create empty databases (run sdnewdb.exe) • Load databases (server and log) • Owerwrite sdconf.rec • Create windows admin account if needed • Restart the appliance
Patches and Upgrades • OS • AM components • Download the upgrade bundle, extract • Run setup • Reboot if needed
Monitoring • E-mail Alerts (Event Log) • SNMP Traps • Authentication Manager • Authentication Agent • Radius • Scheduled restart