Filter
Top Products
17-21
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 17 Configuring System Operations
Replicating a Secondary Instance from a Primary Instance
Failover
ACS 5.3 allows you to configure multiple ACS instances for a deployment scenario. Each deployment
can have one primary and multiple secondary ACS server.
Scenario 1: Primary ACS goes down in a Distributed deployment
Consider we have three ACS instances ACS1, ACS2, and ACS3.
ACS1 is the primary, and ACS2 and ACS3 are secondaries. You cannot make any configuration changes
on the secondary servers when the primary server ACS1 is down. If all other secondary ACS servers are
active, we can make any secondary server as a primary server.
Step 1 Promote the ACS2 to the primary for the time being and use it to make configuration changes.
See Promoting a Secondary Instance from the Distributed System Management Page, page 17-17 and
Promoting a Secondary Instance from the Deployment Operations Page, page 17-18 to promote a
secondary ACS server as a primary server.
Now, ACS2 is the new primary instance. So, we can make the configuration changes on ACS2 and it will
be instantly replicated to ACS3 and on all secondary servers.
Now, consider the ACS1 is back online. If you need to retain the changes made on ACS2 and the rest of
the deployment so that ACS1 is the standalone, do not replicate the changes anymore.
Step 2 Delete ACS2 and ACS3 from the secondary server list of ACS1.
Step 3 Delete ACS1 from ACS2, the current primary server to register ACS1 as secondary.
Now, ACS2 is the new primary server. The deployment is now fully back online, operational and has the
original structure.
Scenario 2: Restoring a database backup on the primary server
For this scenario, restore a database backup on our primary server and make all secondary servers also
have the restored database.
To restore a database backup on the primary server:
Step 1 Use the command acs backup and take a database backup when the deployment is working fine.
Step 2 Restore the older database backup file taken when the deployment was working fine on the primary.
The following warning message is displayed.
restore AAA--?110907--?2140.tar.gpg rep chftp Restore requires restart of ACS services.
Continue? (yes/no) yes
Restoring the database affects the distributed setup.
Restoring the data base will affect the distributed setup. For example, replication
between primary and secondary will be broken. It is recommended to schedule a downtime
to carry out the restore operation. After restore, you will have to configure each
secondary to local mode and then re-connect with primary. Do you want to continue with
restore operation?. <yes/no>:yes
Continuing restore…..
Stopping ACS.
Stopping Management and View...............
Stopping Runtime.......
Stopping Database........