Chapter 8 Establishing CiscoSecure ACS System Configuration
CiscoSecure Database Replication
8-8
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Note: All Cisco Secure ACS servers involved in replication must run the same
release of the Cisco Secure ACS software, including patch level. For example,
if the primary Cisco Secure ACS server is running Cisco Secure ACS
version 3.0.1, all secondary Cisco Secure ACS servers should be running
Cisco Secure ACS version 3.0.1.
Replication Process
The database replication process in this section describes the interaction between
a primary Cisco Secure ACS server and a secondary Cisco Secure ACS server.
This process occurs between a primary Cisco Secure ACS server and each of its
secondary Cisco Secure ACS servers.
The database replication process begins when the primary Cisco Secure ACS
server compares the list of database components it is configured to replicate with
the list of database components each secondary Cisco Secure ACS server is
configured to replicate. The primary Cisco Secure ACS server replicates only
those database components that it is configured to send and that the secondary
Cisco Secure ACS server is configured to receive. If the secondary
Cisco Secure ACS server is not configured to receive any of the components that
the primary Cisco Secure ACS server is configured to send, the database
replication is aborted.
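The version rule in the note and the component comparison described above can be checked offline before a replication cycle. The following Python sketch is an added example, not code from Cisco or from this guide; the host names and component labels are constructed placeholders, and because the page does not say what ACS does on a version mismatch, the check only flags it.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AcsServer:
    name: str
    version: str                      # full release string, patch level included
    send: frozenset = frozenset()     # components this server is set to replicate out
    receive: frozenset = frozenset()  # components this server is set to accept

def plan_replication(primary, secondaries):
    """Map each secondary to (status, replicated, skipped) for one cycle."""
    plan = {}
    for sec in secondaries:
        # The guide requires identical releases, including patch level.
        if sec.version != primary.version:
            plan[sec.name] = ("version-mismatch", [], sorted(primary.send))
            continue
        # Only components that are both sent and accepted are replicated.
        shared = primary.send & sec.receive
        skipped = sorted(primary.send - sec.receive)
        if not shared:
            # No overlap at all: replication to this secondary is aborted.
            plan[sec.name] = ("aborted", [], skipped)
        else:
            plan[sec.name] = ("replicate", sorted(shared), skipped)
    return plan

# Constructed inventory (placeholder names, not real ACS component identifiers).
PRIMARY = AcsServer("acs-primary", "3.0.1",
                    send=frozenset({"users_groups", "network_config"}))
SECONDARIES = [
    AcsServer("acs-sec-a", "3.0.1",
              receive=frozenset({"users_groups", "network_config"})),
    AcsServer("acs-sec-b", "3.0.1", receive=frozenset({"network_config"})),
    AcsServer("acs-sec-c", "3.0.1", receive=frozenset({"interface_config"})),
    AcsServer("acs-sec-d", "3.0", receive=frozenset({"users_groups"})),
]

if __name__ == "__main__":
    for name, (status, sent, skipped) in plan_replication(PRIMARY, SECONDARIES).items():
        print(f"{name}: {status} replicated={sent} skipped={skipped}")
```

A non-empty `skipped` list on a secondary that AAA clients fail over to means that secondary will answer with data the primary no longer holds for those components.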
After the primary Cisco Secure ACS server has determined which components to
send to the secondary Cisco Secure ACS server, the replication process continues
on the primary Cisco Secure ACS server as follows:
1. The primary Cisco Secure ACS server stops its authentication service and
creates a copy of the CiscoSecure database components that it is configured
to replicate. During this step, if AAA clients are configured properly, those
that usually use the primary Cisco Secure ACS server fail over to another
Cisco Secure ACS server.
2. The primary Cisco Secure ACS server resumes its authentication service. It
also compresses and encrypts the copy of its database components for
transmission to the secondary Cisco Secure ACS server.
3. The primary Cisco Secure ACS server transmits the compressed, encrypted
copy of its database components to the secondary Cisco Secure ACS server.
This transmission occurs over a TCP connection, using port 2000. The TCP
session uses an encrypted, Cisco-proprietary protocol.