1. Maintain correct local time on Primary server.
- Utilize the Network Time Protocol (NTP) if possible.
- Server local time must be monitored at all times to ensure that there is no drift in system time.
- If you notice a drift in the local time, do not correct it without scheduling. It may be required that you need to run the RSA 'setsyncint' utility and it may require downtime for administration.
2. Schedule regular reboots of the Primary authentication server.
- This will free up all resources, particularly if your Primary server maintains inbound TCP connections from remote admin, Quick admin and Deployment Manager products.
Note : If these connections exceed the limits set by the operating system, the server may refuse the requests for new connections from web server or remote administration machines.
- The server may run out of resources when not restarted on a semi-regular basis, especially if it is extremely busy.
- If your database is prohibitively large (e.g. > 5,000 users and tokens), plan and schedule server database compression and log database compression.
- Schedule compression of your log database and server database on separate days.
- Utilize the 'sdcompress' utility to accomplish this.
4. Monitor file sizes of RSA system files.
- Closely monitor the sizes of the sdlog.* and sdserv.* files in the RSA "prog" sub-directory.
- The file size of any single file should never be allowed to exceed 2 GB.
- Use the "delete and archive" feature to accomplish this.
- Refer to page 153 of the "RSA Authentication Manager 6.1 Administrator's Guide".
6. Maintain the Windows Event Viewer or UNIX system logs.
- Use the Windows Event Viewer to save and subsequently clear the Application log and System log.
- Clear all logs frequently.
- If the system log is too busy, you will be forced to delete it.
7. Replica nomination.
- If for some reason, the Primary server cannot be restarted due to a hard disk or other failure, immediately nominate a replica server to become the primary server.
8. Maintain Windows or UNIX operating system patches.
- Update the Primary server with most recent service pack, and other security patches.
- It is not necessary to update the web browser.
9. Backup your data.
- Do not backup the files while RSA services are running.
- Stop the RSA services and save the RSA Authentication Manager\data directory.
- Save the data on an alternate server or filesystem.
10. Monitor logs for status of replication.
- Always ensure replication is running correctly.
- Monitor the Primary server system log and application log for positive messages regarding successful replication.
No comments:
Post a Comment