06-05-2007 02:54 AM
I have 2 sites that are going to be using LMS (2.5.1 at the moment). Site 1 LMS is already up but still awaiting for site 2 to be done. Would you reecommend DCR master/slave as opposed two standalone setups working as active-active?
When I was on a TAC call I asked out of interest and he said that Cisco does not support the DCR master/slave setup and if the master goes down you have to manually setup the slave to make it a master.
Will be using ACS on both sites installed on the LMS servers.
Any sugestions would be appreciated.
06-05-2007 03:08 AM
As i know ACS, and LMS on the same machine is not supported by Cisco. Also I do not recommend ACS integration even with ACS installed on separate machines at all. I got lots of trouble setting up ACS integration at our customer.
Some issues:
-Registering modules in ACS via HTTPS is not working. LMS still tries to connect ACS via HTTP. Must register from CLI
-In RME some scheduled jobs (config/inv. coll, poll) are not running. "user has now privilege to run this job"
-Modified groups in ACS. After nearly all devices in LMS appeared as "not managed in ACS". After LMS reboot everything was fine...
06-05-2007 04:16 AM
I am really surprised someone in TAC told you we don't support DCR master/slave. That's just plain wrong. DCR master/slave is 100% supported, and would be a good thing to do here provided you want to share the same device and credentials list on both servers. However, with two different ACS servers, a master/slave configuration may not be what you're going for.
If you integrate LMS with ACS, you really want all LMS servers to point to the same ACS server (or cluster of ACS servers) as each LMS-managed device must be in the same ACS server with which LMS is integrated. Now, if both of these ACS servers will be synced to each other, then DCR master/slave is back on the table. In that case, you should also consider configuring Single Sign-On master/slave across both servers.
But, as has already been said, do NOT install ACS and LMS together. This configuration will cause serious performance problems, and integration may outright fail. This is on top of the inherent security risks incurred by mixing NMS with your network admission system.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide