Chapter 17 Configuring System Operations

Replicating a Secondary Instance from a Primary Instance

Failover

ACS 5.3 allows you to configure multiple ACS instances for a deployment scenario. Each deployment can have one primary and multiple secondary ACS servers.

Scenario 1: Primary ACS goes down in a Distributed deployment

Consider three ACS instances: ACS1, ACS2, and ACS3.

ACS1 is the primary, and ACS2 and ACS3 are secondaries. You cannot make any configuration changes on the secondary servers when the primary server ACS1 is down. If all other secondary ACS servers are active, you can promote any secondary server to primary.

Step 1 Promote ACS2 to primary for the time being and use it to make configuration changes.

See Promoting a Secondary Instance from the Distributed System Management Page, page 17-17, and Promoting a Secondary Instance from the Deployment Operations Page, page 17-18, to promote a secondary ACS server to primary.

Now, ACS2 is the new primary instance. You can make configuration changes on ACS2, and they will be instantly replicated to ACS3 and all other secondary servers.

Now, consider that ACS1 is back online. If you need to retain the changes made on ACS2 and the rest of the deployment, so that ACS1 is standalone, do not replicate the changes anymore.

Step 2 Delete ACS2 and ACS3 from the secondary server list of ACS1.

Step 3 Delete ACS1 from ACS2, the current primary server, to register ACS1 as secondary.

Now, ACS2 is the new primary server. The deployment is now fully back online, operational and has the original structure.

Scenario 2: Restoring a database backup on the primary server

For this scenario, restore a database backup on the primary server and have all secondary servers use the restored database as well.

To restore a database backup on the primary server:

Step 1 Use the acs backup command to take a database backup while the deployment is working fine.

Step 2 Restore the older database backup file, taken when the deployment was working fine, on the primary.

The following warning message is displayed.

restore AAA-110907-2140.tar.gpg rep chftp
Restore requires restart of ACS services. Continue? (yes/no) yes

Restoring the database affects the distributed setup.

Restoring the data base will affect the distributed setup. For example, replication between primary and secondary will be broken. It is recommended to schedule a downtime to carry out the restore operation. After restore, you will have to configure each secondary to local mode and then re-connect with primary. Do you want to continue with restore operation?. <yes/no>:yes
Continuing restore…..
Stopping ACS.
Stopping Management and View
Stopping Runtime
Stopping Database

User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
17-21
