Configuring Netilla to work with Ace/Server authentication
Scope

This technote refers to RSA Ace/Server 5.1 and Netilla Secure Platform 4.01.

This technote provides a workaround for a limitation found when trying to configure the Netilla Security Platform (NSP) so that two realms talk to one RSA Ace/Server. The problem occurs because NSP stores a separate configuration for each realm. Configuring two realms to use the same RSA Ace/Server (V5.1 and later) results in a Node Verification failure reported on the Ace/Server. Testing against older versions of RSA Ace/Server yielded a slightly different result; see Technote0004.

During our testing we were able to prove that NSP, unlike other platforms, can be configured to talk to multiple RSA Ace/Servers, since each realm definition is stored separately within the platform. This is very useful if you are trying to configure different realms to authenticate against different Ace/Servers, but not very helpful if there is only one Ace/Server. Since each "Node Secret" issued by the RSA Ace/Server is unique and there is no way to copy it between realm definitions, there is no way to configure two NSP realms to talk directly to one RSA Ace/Server.
Solution

There are two possible workarounds to the problem.

1) Configure the RADIUS component of the RSA Ace/Server and configure the NSP to talk to the Ace/Server via its built-in RADIUS server.

2) If direct communication is required between the NSP and the RSA Ace/Server, it is possible to configure each NSP realm to talk to an individual Ace/Server and then establish cross-realm authentication between the multiple Ace/Servers. While you would need to check your licensing agreements, technically it should be possible to configure an RSA Security two-user Ace/Server demo kit to act as the second server, left unpopulated and acting simply as a relay to the main Ace/Server.