29 Apr 2010

Integrating ISA 2006 with RSA AM 7.1 SP2

I've just finished testing RSA SecurID Token  authentication with FBA on ISA Server 2006, below are the steps that I followed.

We followed some notes at the MS TMG Technet Blog for the actual ISA Rule base configuration which is pretty straightforward.

Register ISA Servers as Authentication Agents in RSA AM 7.1


Open the RSA AM Security Console and go to 'Access', 'Authentication Agents' and 'Add New'.






Complete the details for the ISA Server as an 'Authentication Agent' including the FQDN and IP Address. I also set the 'Agent Type' to 'Web Agent' (Unlike in the screenshot).


Generate RSA AM Config File

In the Security Console go to 'Access', 'Authentication Agents' and 'Generate Configuration File'.



Check the setting and then click the 'Generate Config File' button to download the configuration file.


 Click 'Download Now' to start the configuration file download.


Download and extract the sdconf.rec from the AM_Config.zip once downloaded

Copy sdconf.rec to C:\Windows\System32\ and C:\Program Files\Microsoft ISA Server\sdconfig\ on all relevant ISA Servers.

Set Node Secret for each Authentication Agent (ISA Server)

In the RSA Security Console, go to  'Access', 'Authentication Agents' and 'Manage Existing'.


Click the arrow next tot he appropriate ISA Server and select 'Manage Node Secret...'





On the RSA AM server Locate agent_nsload.exe and copy to each ISA Server in the array




Set a node secret in RSA AM interface on each Agent entry and download .zip files when requested

Extract the NODESECRET.REC file from the supplied .zip and place with the agent_nsload.exe

To import the node secret to the ISA Server(s), run the following command

agent_nsload.exe -f <path to nodesecret.rec>  -p <node secret password>

A 'securid' file should then be created in C:\Windows\System32\ (note the lack of file extension). This file should then be copied to the "C:\Program Files\Microsoft ISA Server\sdconfig\"

That was enough to get ISA working with RSA 7.1 SP2.
Posted by Chris at 14:05 0 comments
Labels: ,

9 Apr 2010

Change RSA AM 7.1 SP2 Allocated Disk Space for Instance Replication

I've deployed three VMs with approx 40GB of disk space available to RSA AM 7.1 and it's database. The problem is that by default RSA AM, is configured to use a maximum of 100GB, therefore there's a chance that it could consume all of the available disk and consequently halt it's services.

The fix can be found in the Troubleshooting section of the RSA AM Administrative Guide under "Freeing Disk Space Allocated for Logging on a Replica Instance". RSA recommends allowing AM to utilise 75% of the available disk space, therefore if you have 30GB free after install then you should use 22.5GB. Unfortunately the command line doesn't appear to like the decimal point so I used 22GB.

You'll need to open a command prompt and go to the 'utils' folder in the RSA install folder and run the following command where 22 is the size that you wish to dedicate to RSA AM's logs.

rsautil manage-database -a change-max-size -f archived_trans_files -s 22
You'll be prompted to confirm your password twice and then you should receive "Done..."


That's all for now.
Posted by Chris at 15:46 0 comments
Labels:
Subscribe to: Posts (Atom)