Template SoW: RSA 6.1 to 8.1 Single Hardware Appliance Migration with Citrix Access Gateway

Scope of works:


1 Days RSA Authentication Manager Consultancy

  • Installation RSA 130 Appliance
  • Migration of data from version 6.1 to version 8.1

 Scope of Work

 Installation of Primary RSA 130 Appliance

  • Integrate with Citrix Access Gateway – 4.5
  • Confirm migration by testing authentication
  • Provide skills transfer as time allows


RSA Installation

  • Customer to supply RSA version 8.1 Appliance, Tokens, token seed Files & licenses
  • 8.1 License file may need to be downloaded from RSA Download Central at https://download.rsasecurity.com if not already obtained
  • Use the credentials and the license serial number  that RSA e-provided to you to log on to the site and download the license file. If you did not receive an e-mail with the logon credentials, contact the RSA Exceptions (support) Desk by sending an e-mail with your contact information and license serial number (provided in your order confirmation) to support@rsa.com or contacting 01344 781100
  • Further details on the process are available in a 5 min youtube video here: http://www.youtube.com/watch?v=5e9tawZ8JfU
  • The location of the license file before running the appliance Quick Setup Process
  • The network information for each appliance must be provided: the fully qualified domain name (FQDN), static IP address, subnet mask, default gateway, and DNS server IP addresses
  • RSA Servers will need fully qualified Hostnames configured in DNS (forward & reverse lookups)
  • RSA server will need to be synced to an NTP time source – it is assumed that this is the same time source as previous installation – differences in time can impact user authentications
  • Any Firewalls must be configured to allow all RSA & other components to communicate with one another
    • HTTPS, TCP 7004 & 7072 Ports required for Administration Consoles – these must be allowed through Firewalls from wherever administration performed on network
    • UDP 5500, 1812, 1813 required for RSA Authentication from Citrix
  • A test Agent can also optionally be installed to Windows PC to test Authentication of system prior to migration of 6.1 Data if required – the agent is freely downloaded from the RSA website here: http://uk.emc.com/security/rsa-securid/rsa-authentication-agents/windows.htm

Third Party Product integration

  • Integration with Citrix Access Gateway will be configured based on supported configuration as determined by documentation at https://www.rsasecured.com
  • The versions of third party agents are assumed to be versions listed in the guides on the https://www.rsasecured.com site.
  • Number of 3rd party product testing post migration will be as time allows – unless exact number is determined before consultancy.
  • Customer is responsible for any integrated 3rd party products.

Migration of 6.1 Data

  • Current RSA version is Authentication Manager 6.1.2 with a Primary & Replica – version 8.1 will only be installed on single purchased appliance
  • Existing version must be already installed & working correctly
  • Full connectivity to 6.1 Installed RSA systems and Administrative Access to be supplied
  • Downtime to stop RSA 6.1 Server to take database dump files – 15minutes
    • Migrating Log data is optional
    • Migrating any replica Server data is optional
  • Ability to copy dump files & other required files between 6.1 & 8.1
  • Migration of data is assumed to be migration of agents, user accounts, tokens, PINS and associated user data only – other configuration may require manual setup post migration.
  • If integrated with Active Directory – Usernames used in 6.1 environment must match those in Active Directory in order for migration to succeed to 8.1 if transferring a static user list to an Active Directory user list

Citrix Access Gateway integration

  • New Appliance to be integrated with Citrix Access Gateway Appliance via either a change to Citrix Access Gateway Configuration or by using previous RSA Appliance IP addresses

Post Implementation

  • Basic Skills transfer as time allows

Outside Scope

  • Advanced features such as:
    • 8.1 Webtier components – for external published access to Self-Service Console, use of Risk Based Authentication, Dynamic Seed Provisioning of Software Tokens (Most customers rarely use/need these components)
    • Self-Service Console can be used for internal use only
    • User Self service Token Provisioning component
    • Trusted Realm Deployments
    • Any other RSA consultancy requirements and RSA features not discussed in scope of work & caveats are outside agreed scope of consultancy.
    • Documentation
      • Basic screenshots of installation process can be done as time allows if required


  • 1 Day consultancy
  • All work done as time allows and assumed no time consuming change control process on the days involved impacting changes

The Boy and The sea ———– أمام البحر قد وقف


هذا البحر الممتد حتى الأفق البعيد

This sea extends until the far horizon

أتسمع صوت أمواجه؟

Do you hear the sounds of its waves?

أجل. وكأنها تحكي قصته العجيبة

Yes, like it is telling it’s amazing story

انظر إلى ذلك الصبي الواقف أمامه،

Look at that boy standing in front of it

كأنه يتحدث إليه

Like he is talking to it

إنه يسأله عن أسراره

Verily he is asking about its secrets

والبحر يجيبه

And the sea is answering



أمام البحر قد وقف       

In front of the sea he stood

صبي يجمع الصدف

A boy collecting shells

وحين الموج بلله

And when the wave drenched him

أحس البرد فارتجف

He felt the cold and shivered

سؤال عابر فار

A passing question rankled

بنفس الطفل فاحتار

With the boys soul and then he wondered

يرى بحرا ولا يدري

He sees a sea he does not know

له معنى ولا هدفا

For him a meaning and no objective

يحار القلب والفكر

It perplexes the heart and the mind

فمن سَوَّاك يا بحر

Then who shaped you O sea?

جلال روعة سر

A majestic awesome mystery

تُحّيِّر قلبا من وصف

It confused a heart who it described

وراح البحر يتسم

And the sea leaves making him believe

وبالشطآن يرتطم

And with the devil he collided

وحين الطفل أحرجه

And when the boy embarrassed him

أزاح الصمت واعترف

He brushed aside the silence and he acknowledged

وقال البحر يا ولدي

And the sea said O boy

سل الأسماك في كبدي

Unsheathe the fish inside

وسل موجي تجد قلبي

And Unsheathe my wave to find my heart

بحب الله قد هتف

With the love of Allah he called out

إله الكون سوّاني

The God of the universe arranges you

ومن يرعاك يرعاني

And who looks after you looks after me

تبسم بعدها الطفل

He smiles after it, the boy

وحيّ البحر وانصرف

Inspired by the sea, he departs