Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
664
Views
7
Helpful
6
Replies

ACS Replication !

Go to solution
sachinraja
Level 9
Level 9

‎12-30-2008 07:26 AM - edited ‎03-10-2019 04:15 PM

Hello All

I know that the ACS replicates the entire database from primary to secondary, and not vice-versa.. My scenario is:

primary ACS goes down, and the secondary takes over.. now, all user addition etc, is done on the secondary ACS.. now, when the primary comes back again, will it overwrite the secondary database and should we recreate the configs ? or is it that the secondary ACS replicates its data to primary ? its kinda confusing !

I'm gonna do ACS replication in a few days, and wanted to be really sure of this.

Raj

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Pravin Phadte
Level 5
Level 5

‎12-31-2008 03:34 AM

Hi,

So you configure a redudant ACS server as secondary.

All the database from the primary will be replicated to secondary.

As you said what happes if secondary takes over and configuration is done on the secondary.

It will be reflected on primary. depends how you configure it.

check it has the option for send and recive.

this link will be very helpful for you.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_configuration_examples_list.html

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Pravin Phadte
Level 5
Level 5

‎12-31-2008 03:34 AM

Hi,

So you configure a redudant ACS server as secondary.

All the database from the primary will be replicated to secondary.

As you said what happes if secondary takes over and configuration is done on the secondary.

It will be reflected on primary. depends how you configure it.

check it has the option for send and recive.

this link will be very helpful for you.

http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_configuration_examples_list.html

0 Helpful

Go to solution
Pravin Phadte
Level 5
Level 5
In response to Pravin Phadte

‎12-31-2008 03:43 AM

attached

Preview file
50 KB
0 Helpful

Go to solution
Jagdeep Gambhir
Level 10
Level 10

‎12-31-2008 03:35 AM

Raj,

ACS performs only one way replication ie from primary to secondary and not other way.

So if you have made changes in secondary acs , it will not be replicated, You need to manually add the changes in primary acs.

Regards,

~JG

Do rate helpful posts

Go to solution
sachinraja
Level 9
Level 9
In response to Jagdeep Gambhir

‎12-31-2008 07:11 AM

Right JG.. Just wanted to confirm on this ! Doesnt it look like a flaw :) There should have been something like HSRP or pre-empt concept here, but i know it is really tough to manage from NAD point of view..

Thanks

0 Helpful

Go to solution
darpotter
Level 5
Level 5

‎01-07-2009 09:13 AM

The *only* safe way to manage this is to have a config master onto which all management is done.

Have this replicate to master and slave servers which service actual authentication traffic.

Since admin changes rarely cause ACS crashes its unlikely the primary would ever be unavailable for more than a few seconds (during initial stage of outbound replication, or someone clicks submit+restart)

Go to solution
sachinraja
Level 9
Level 9
In response to darpotter

‎01-07-2009 12:21 PM

Thanks for the reply..

Raj

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents