
User Guide for Cisco Secure ACS for Windows Server (78-16592-01)
Chapter 9, System Configuration: Advanced
CiscoSecure Database Replication
c. The primary Cisco Secure ACS verifies that the secondary Cisco Secure ACS is running the same version of Cisco Secure ACS as its own. If not, replication fails.
d. The primary Cisco Secure ACS compares the list of database components it is configured to send with the list of database components the secondary Cisco Secure ACS is configured to receive. If the secondary Cisco Secure ACS is not configured to receive any of the components that the primary Cisco Secure ACS is configured to send, the database replication fails.
3. After the primary Cisco Secure ACS has determined which components to send to the secondary Cisco Secure ACS, the replication process continues on the primary Cisco Secure ACS as follows:
a. The primary Cisco Secure ACS stops its authentication service and creates a copy of the CiscoSecure database components that it is configured to replicate. During this step, if AAA clients are configured properly, those that usually use the primary Cisco Secure ACS fail over to another Cisco Secure ACS.
b. The primary Cisco Secure ACS resumes its authentication service. It also compresses and encrypts the copy of its database components for transmission to the secondary Cisco Secure ACS.
c. The primary Cisco Secure ACS transmits the compressed, encrypted copy of its database components to the secondary Cisco Secure ACS. This transmission occurs over a TCP connection, using port 2000. The TCP session uses a 128-bit encrypted, Cisco-proprietary protocol.
4. After the preceding events on the primary Cisco Secure ACS, the database replication process continues on the secondary Cisco Secure ACS as follows:
a. The secondary Cisco Secure ACS receives the compressed, encrypted copy of the CiscoSecure database components from the primary Cisco Secure ACS. After transmission of the database components is complete, the secondary Cisco Secure ACS decompresses the database components.
b. The secondary Cisco Secure ACS stops its authentication service and replaces its database components with the database components it received from the primary Cisco Secure ACS. During this step, if AAA clients are configured properly, those that usually use the secondary Cisco Secure ACS fail over to another Cisco Secure ACS.
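
Step 3c places replication traffic on TCP port 2000 between the primary and secondary, which gives a narrow pattern to monitor. The following is an added example, not part of the Cisco guide or product: it scans flow records for TCP/2000 traffic between an ACS host and any address that is not a configured replication partner. The addresses, the `PARTNERS` map and the log format are constructed assumptions.

```python
import ipaddress

REPLICATION_PORT = 2000  # TCP port the guide gives for replication traffic

# Assumed topology (constructed addresses): ACS host -> permitted replication peers.
PARTNERS = {
    "10.0.0.10": {"10.0.0.20"},  # primary
    "10.0.0.20": {"10.0.0.10"},  # secondary
}

# Constructed flow records: "<timestamp> <proto> <src_ip>:<port> <dst_ip>:<port>"
SAMPLE_FLOWS = """\
2024-01-01T02:00:01Z tcp 10.0.0.10:49152 10.0.0.20:2000
2024-01-01T02:00:05Z tcp 10.0.0.20:2000 10.0.0.10:49152
2024-01-01T03:14:22Z tcp 10.0.5.77:51000 10.0.0.20:2000
2024-01-01T03:15:00Z udp 10.0.5.77:51000 10.0.0.20:2000
2024-01-01T03:16:00Z tcp 10.0.0.10:49200 10.0.0.20:443
garbage line
"""


def parse_flow(line):
    """Return (ts, proto, (src_ip, src_port), (dst_ip, dst_port)), or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, proto, src, dst = parts
    try:
        ends = []
        for endpoint in (src, dst):
            ip, port = endpoint.rsplit(":", 1)
            ends.append((str(ipaddress.ip_address(ip)), int(port)))
    except ValueError:
        return None
    return ts, proto.lower(), ends[0], ends[1]


def unexpected_replication_flows(log_text, partners=PARTNERS):
    """List (ts, acs_host, peer) for TCP/2000 flows between an ACS host and a non-partner."""
    findings = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed records
        ts, proto, (sip, sport), (dip, dport) = flow
        if proto != "tcp" or REPLICATION_PORT not in (sport, dport):
            continue
        # Check both directions so the result does not depend on which side listens.
        for host, peer in ((sip, dip), (dip, sip)):
            if host in partners and peer not in partners[host]:
                findings.append((ts, host, peer))
    return findings
```

Calling `unexpected_replication_flows(SAMPLE_FLOWS)` reports only the 03:14:22 record, where a host outside the partner set reaches the secondary on TCP/2000.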