Database Replication

The database replication feature is designed to duplicate parts of the primary Cisco Secure ACS setup to one or more secondary servers, providing fault-tolerant AAA services. In the event the primary ACS server fails or is out of service, clients may be configured to use these secondary servers as backup for AAA services.

Database replication provides the following features:

• Replicate parts of the primary Cisco Secure ACS configuration

• Create schedules and timing for the replication process

• Export selected configuration from the primary Cisco Secure ACS

• Transport selected configuration data from primary to secondary Cisco Secure ACS servers securely

Some items in the Cisco Secure ACS database may not be replicated:

• Unknown user group mapping configuration

• IP pool definitions

• Cisco Secure ACS certificate and private key files

• External user database configurations

• Logging configurations

• User-defined RADIUS dictionaries

• RDBMS synchronization settings

• System configuration settings in the ACS Service Management page

• Third-party software such as RSA ACE client software

Figure 9-3 depicts a replication scenario. Server 1 acts as the primary Cisco Secure ACS, replicating to servers 2 and 3, which act as secondary Cisco Secure ACS devices.

Figure 9-3. Cisco Secure ACS Database Replication Scenario


The primary Cisco Secure ACS sends replicated database components to secondary Cisco Secure ACS servers. The secondary Cisco Secure ACS receives the replicated database components from a primary Cisco Secure ACS.

Replication is one-way, from the primary server to the secondary servers. Bidirectional replication, in which two servers replicate to each other, is not supported. For example, if server 2 were configured to replicate to server 1 in addition to receiving replication from server 1, replication to server 2 would fail.

In a cascading multiserver ACS environment, it is possible for a server to be both primary and secondary ACS to different servers. Figure 9-4 shows a cascading ACS replication scenario.
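The one-way rule and the cascading case can be checked against a planned topology before it is configured. The following is an added example, not Cisco code or part of the original text: the server names, the dictionary format, and the function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample topology (hypothetical names): primary -> list of secondaries.
# server1 -> server2 -> server3 is a cascade; server4 <-> server5 is bidirectional.
SAMPLE_TOPOLOGY = {
    "server1": ["server2"],
    "server2": ["server3"],
    "server4": ["server5"],
    "server5": ["server4"],
}

def classify_roles(topology):
    """Map each server to the set of roles it holds: 'primary' and/or 'secondary'."""
    roles = defaultdict(set)
    for primary, secondaries in topology.items():
        if secondaries:
            roles[primary].add("primary")
        for secondary in secondaries:
            roles[secondary].add("secondary")
    return dict(roles)

def bidirectional_pairs(topology):
    """Return sorted (a, b) pairs that replicate to each other (unsupported)."""
    edges = {(p, s) for p, secs in topology.items() for s in secs}
    return sorted({tuple(sorted(e)) for e in edges if (e[1], e[0]) in edges})

def audit(topology):
    """Separate unsupported bidirectional pairs from legitimate cascading servers."""
    roles = classify_roles(topology)
    bad = bidirectional_pairs(topology)
    in_bad_pair = {server for pair in bad for server in pair}
    # A cascading server is both primary and secondary, but to *different* servers.
    cascading = sorted(
        server for server, held in roles.items()
        if held == {"primary", "secondary"} and server not in in_bad_pair
    )
    return {"roles": roles, "unsupported_bidirectional": bad, "cascading": cascading}

if __name__ == "__main__":
    report = audit(SAMPLE_TOPOLOGY)
    for a, b in report["unsupported_bidirectional"]:
        print(f"UNSUPPORTED: {a} and {b} replicate to each other")
    for server in report["cascading"]:
        print(f"cascading: {server} is secondary to one server and primary to another")
```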
