Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 2 Deploy the Access Control Servers
Deploying ACS Servers to Support Server Failover
Client configuration—How to configure the client.
Reports and event (error) handling—What information to include in the logs.
Replication Design
Because database replication in ACS is a top-down approach, using the cascade method minimizes
replication-induced downtime on the master server. If the primary server is not used for authentication
services, but for database maintenance only, the cascade method may not be as critical.
However, when replication crosses time zones, particularly international time zones, it may be
necessary to use the cascade method going to remote secondaries. In this case, when you configure
database replication on the Database replication setup page, click "At specific times" instead of
"Automatically triggered cascade".
Use the automatically triggered cascade method so that local replication occurs during a time that will
minimize the impact on user authentication. During these long-distance replications, replicating to the
backup or secondary server first also helps reduce this impact.
Figure 2-10 shows a hypothetical deployment for replication where each region has a primary and a
secondary ACS deployed. In this scenario, replication is made to the secondary servers to avoid
replication downtime to the primary, but this may not be needed if the primary is used mainly for
database maintenance and not for authentication.
Figure 2-10 ACS Database Replication Scenario
Database Synchronization Considerations
An alternative to database replication is the use of Relational Database Management System (RDBMS)
synchronization. You use the RDBMS synchronization feature to update the ACS user database with
information from an Open Database Connectivity (ODBC)-compliant data source. The
ODBC-compliant data source can be the RDBMS database of a third-party application. It can also be an
intermediate file or database that a third-party system updates. Regardless of where the file or database
resides, ACS reads the file or database via the ODBC connection. RDBMS synchronization supports
addition, modification, and deletion for all data items it can access.
[Figure 2-10 diagram labels: Master system 1; Master/secondary system 2; Secondary system 2; Secondary remote-system (two); locations: California (two), China]