17-2
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 17 Configuring System Operations

Understanding Distributed Deployment
You can configure multiple ACS servers in a deployment. Within any deployment, you designate one
server as the primary server and all the other servers are secondary servers.
In general, you make configuration changes on the primary server only, and the changes are propagated
to all secondary servers, which can then view the configuration data as read-only data. A small number
of configuration changes can be performed on a secondary server, including configuration of the server
certificate, and these changes remain local to the server.
There is no communication between the secondary servers. Communication happens only between the
primary server and the secondary servers. The secondary servers do not know the status of the other
secondaries in their deployment.
ACS allows you to deploy an ACS instance behind a firewall. Table 17-1 lists the ports that must be open
on the firewall for you to access ACS through the various management interfaces.
Note: You cannot use Network Address Translation (NAT) between the nodes of a distributed deployment.
The Distributed System Management page can be used to monitor the status of the servers in a
deployment and perform operations on the servers.
Table 17-1 Ports to Open in Firewalls

Service                           Port
ACS Web Interface/Web Service     443
Database replication              TCP 2638
RADIUS server                     1812 and 1645 (RADIUS authentication and authorization)
                                  1813 and 1646 (RADIUS accounting)
                                  If your RADIUS server uses port 1812, ensure that your PIX
                                  firewall software is version 6.0 or later. Then, run the
                                  following command to use port 1812:
                                  aaa-server radius-authport 1812
Replication over the Message Bus  TCP 61616
RMI                               TCP 2020 (for RMI registry service)
                                  TCP 2030 (for incoming calls)
SNMP (for request)                UDP 161
SNMP (for notifications)          UDP 162
SSH                               22
TACACS+ server                    TCP 49
View Collector                    UDP 20514
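As an added example (not from the Cisco guide), the following Python audit encodes Table 17-1, reports which ACS services a firewall's allow-list would block, and probes the TCP entries with a connect attempt. Table 17-1 gives no protocol for 443, 22 or the RADIUS ports; the TCP/UDP values used for them here are this example's assumptions.

```python
"""Audit a firewall allow-list and live TCP reachability against the
ACS 5.3 port requirements of Table 17-1 (added example, not Cisco code)."""
import socket

# (service, protocol, port) as listed in Table 17-1. The table gives no
# protocol for 443 and 22 (TCP in practice) or for RADIUS (UDP in
# practice); those protocols are assumptions of this example.
ACS_PORTS = [
    ("ACS Web Interface/Web Service", "tcp", 443),
    ("Database replication", "tcp", 2638),
    ("RADIUS authentication/authorization", "udp", 1812),
    ("RADIUS authentication/authorization", "udp", 1645),
    ("RADIUS accounting", "udp", 1813),
    ("RADIUS accounting", "udp", 1646),
    ("Replication over the Message Bus", "tcp", 61616),
    ("RMI registry service", "tcp", 2020),
    ("RMI incoming calls", "tcp", 2030),
    ("SNMP (for request)", "udp", 161),
    ("SNMP (for notifications)", "udp", 162),
    ("SSH", "tcp", 22),
    ("TACACS+ server", "tcp", 49),
    ("View Collector", "udp", 20514),
]


def blocked_services(allowed):
    """Return the ACS services whose (protocol, port) is missing from
    `allowed`, a set of (protocol, port) tuples taken from the firewall's
    allow rules. An empty list means every Table 17-1 port is permitted."""
    return [f"{svc} ({proto}/{port})" for svc, proto, port in ACS_PORTS
            if (proto, port) not in allowed]


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within `timeout`
    seconds. Meaningful for the TCP rows only; UDP needs a service probe."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_tcp_ports(host, timeout=2.0):
    """Map each TCP service in Table 17-1 to its reachability on `host`."""
    return {svc: tcp_reachable(host, port, timeout)
            for svc, proto, port in ACS_PORTS if proto == "tcp"}


if __name__ == "__main__":
    # Constructed allow-list that forgot the message-bus replication port.
    sample_allow = {("tcp", 443), ("tcp", 2638), ("tcp", 22), ("tcp", 49),
                    ("tcp", 2020), ("tcp", 2030), ("udp", 1812), ("udp", 1813),
                    ("udp", 1645), ("udp", 1646), ("udp", 161), ("udp", 162),
                    ("udp", 20514)}
    print(blocked_services(sample_allow))
```

Run `probe_tcp_ports("<primary-acs-host>")` from a secondary node to confirm the replication and RMI ports are reachable before joining it to the deployment.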