10 Feb 2010

RSA Authentication Manager 7.1 on VMware ESX 3.5

I'm right in the middle of an RSA Authentication Manager 7.1 SP2 deployment onto VMware ESX 3.5 as I type and having stumbled across some "gotcha's" already, I've decided to note them as I go.

  • It's perfectly acceptable for RSA AM 7.1 to take approximately 15 minutes to start up thanks to Java and the 'new' Oracle Database backend. About 13 minutes of the delay is at "Applying Computer Settings". (Even with 2vCPU's and 4GB RAM).
  • Give the server 4GB of RAM if possible even though RSA only recommend 2GB, that way all the services will be able to start at boot up
  • When installing a Replica Instance, you'll need the replica package creating on your Primary Instance and also a copy of your RSA License certs handy. Also make sure that there is connectivity from it to your existing Primary Instance and any other Replica instances that you may have. TCP port 2334 will need to be open if you've got a firewall or two in the way.
  • I'm not really having a great deal of luck with RSA AM 7.1, I'm finding it very finicky in terms of connecting Replica instances to the Primary. I'm considering another rebuild of the VMs so that I'm happy that they're working as they should. I've also experienced my Primary Instance running out of disk space eventhough it had 30GB set aside just for Authentication Manager.
  • I've rebuilt my Primary and Replica now and they seem to be a little more stable. I've noticed that by default AM will assume that there is 100GB of disk available for replication. Now apparently this can be changed by following the directions in Appendix G of the Administrators PDF. I cannot find the relevant instructions although I am wondering if it can be achieved using rsautil manage-database and resizing the database files. Update - I've found that I was referring to the old documentation for the above problem. Please see my most recent post to resolve this issue.


John said...

What has been your experience with AM 7.1 on VMWare? We are currently looking at upgrading a large environment but RSA does not allow the use of VM tools such as Snapshots and VMotion with AM.

Chris said...

I'm not that impressed if I'm honest. The RSA restrictions around vMotion & Snapshots remove most of the benefits that VMware provides. If I need to take down a host for maintenance then it means that the RSA server also needs downtime.

The performance is not the greatest either but I'm hoping to remedy that by moving from our DL580 G4 based cluster a new cluster based on shiny new DL580 G7 hardware.

BTW, SP4 is now available for AM 7.1 which I'm hoping to install at some point.

Anonymous said...

Thanks for your response. Have to agree with you on the VM issue, aren't they the same company? We're a fairly large customer and have voiced our disappointment. Starting our migration soon and glad SP4 is out.