17-5
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter17 Configuring System Operat ions
Understanding Distributed Deployment
When the connection to the primary server resumes, you can reconnect the disconnected secondary
instance in Local Mode to the primary server. From the secondary instance in Local Mode, you specify
the Admin username and password to reconnect to the primary instan ce. All configuration changes made
while the secondary server was in Local Mode are lost.
Related Topics
Activating Secondary Servers, page 17-3
Understanding Full Replication, page 17-5
Understanding Full Replication
Under normal circumstances, each configuration change is propagated to all secondary instances. Unlike
ACS 4.x where full replication was performed, in ACS 5.4, only the specific changes are prop agated. As
configuration changes are performed, the administrator can monitor (on the Distributed System
Management page) the status of the replication and the last replication ID to ensure the secondary server
is up to date.
If configuration changes are not being replicated as expected, the administrator can request a full
replication to the server. When you request full replication, the full set of configuration data is
transferred to the secondary server to ensure the configurati on data on the secondary server is re
synchronized.
Note Replication on the Message Bus happens over TCP port 61616. Full replication happens over the Sybase
DB TCP port 2638.
Warning
ACS management services are started even when a warning message is displayed as connection
failed. The services do not get stuck in the initialization stage.
Related Topics
Activating Secondary Servers, page 17-3
Promoting a Secondary Server, page 17-4
Understanding Local Mode, page 17-4
Specifying a Hardware Replacement
You can perform a hardware replacement to allow new or existing ACS instance hardware to re-register
to a primary server and take over an existing configuration already present in the primary server. This is
useful when an ACS instance fails and needs physical replacement.
To perform the hardware replacement
Step1 From the web interface of the primary instance, you must mark the server to be replaced as deregistered.
Step2 From the secondary server, register to the primary server.
In addition to the standard admin credentials for connecting to the primary server (username/password),
you must specify the replacement keyword used to identify th e configuration in the primary server. The
keyword is the hostname of the instance that is to be repla ced.