[RSA] Authentication Manager 8.1 initial deployment story

Dear colleagues,

I recently had a case to deploy (for the 100th time) yet another instance of Authentication Manager. I guess it’s pretty trivial when you deal with an OVA, but why not produce a nice doc with screenshots and whatnot.

What you will need:

  • OVA file (currently available pure vanilla 8.1 only from RSA SecurCare)
  • compute: vSphere environment will be my poison
  • storage: 100 GB (for starters)
  • network: (vlans, port groups, NTP source, firewall and IPAM reservations on IP and DNS)
  • endpoint / jumphost: I used Windows Server 2008 R2 / Windows 7


  • always make sure the relevant firewall matrix is in place! 🙂
  • connect to vSphere – in my case I used vSphere Web Client
  • select datacenter / cluster you’d like to deploy onto and from the Actions click on Deploy OVF Template


  • select Local file radio button and click on Browse to select the file, once done click on Next


  • review the details and click on Next


  • read the licence agreement (scroll down to activate Accept button) and click Next


  • pick the name for VM according to your naming convention and select a folder or datacenter


  • select virtual disk format: Thick Provision Lazy Zeroed, then pick your favorite datastore


  • by default the OVA is configured with one interface; under Destination select the relevant port group that is configured on the host and click on Next


  • fill in the form (you can override these settings once the machine boots – screen with verification) and click on Next


  • review the settings and click on Finish


  • wait until OVF deployment is finished


  • once completed, now is the best time to assign any anti-affinity rules, vApp assignments and resource pools that should apply
  • power on the VM and open a console to it
  • if you press any key while this screen is shown you can modify the keyboard layout; the default was fine for me…


  • if you press any key while this screen is shown you can modify the network config; note the OVF settings don’t update the guest VM 🙁


  • wait a couple of minutes until you see the following screen (take note of the https address, Quick Setup Access Code and SHA1 fingerprint)


  • open the browser of your choice and type in the https address
  • the software appliance uses a self-signed certificate, so you will see the following warning message


  • if positive click on ADVANCED and then on proceed
  • you should see the following screen


  • before entering the Quick Setup Access Code, verify the authenticity of the page by comparing the actual SHA1 thumbprint with the value from the vSphere console (click on the red padlock, then View certificate; on the Details tab, scroll all the way down to see the thumbprint/fingerprint); if they match, proceed
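
The fingerprint comparison in the last step can also be scripted from the jumphost instead of read off the browser dialog. This is an added example, not part of the original walkthrough or of any RSA tooling; it assumes Python 3 is installed, and the sample bytes and fingerprint in it are constructed stand-ins for a real certificate.

```python
import hashlib
import hmac
import socket
import ssl
import sys
from urllib.parse import urlsplit

# Constructed sample: stand-in bytes for a DER certificate and their SHA-1,
# formatted with colons. These are not values from a real appliance.
SAMPLE_DER = b"abc"
SAMPLE_CONSOLE_VALUE = "A9:99:3E:36:47:06:81:6A:BA:3E:25:71:78:50:C2:6C:9C:D0:D8:9D"


def normalize_fingerprint(text):
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\r\n").lower()
    if len(cleaned) != 40 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a SHA-1 fingerprint of 40 hex digits")
    return cleaned


def sha1_fingerprint(der_cert):
    """SHA-1 over the DER-encoded certificate, the value a browser displays."""
    return hashlib.sha1(der_cert).hexdigest()


def fingerprint_matches(der_cert, console_value):
    expected = normalize_fingerprint(console_value)
    return hmac.compare_digest(sha1_fingerprint(der_cert), expected)


def fetch_der_cert(url, timeout=10):
    # Chain validation is off on purpose: the certificate is self-signed, so
    # the fingerprint comparison is the trust decision.
    parts = urlsplit(url)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    address = (parts.hostname, parts.port or 443)
    with socket.create_connection(address, timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=parts.hostname) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    url, console_value = sys.argv[1], sys.argv[2]
    ok = fingerprint_matches(fetch_der_cert(url), console_value)
    print("MATCH" if ok else "MISMATCH, do not enter the access code")
    sys.exit(0 if ok else 1)
```

Run it with the https address and the SHA1 fingerprint exactly as shown on the vSphere console; a non-zero exit code means the certificate served to the jumphost is not the one the appliance generated.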


That’s it. Based on the role of this instance you could make it either:

  • Primary
  • Replica