Consolidating/Merging ACS 4.2 servers

max12341234
Level 1

Hi, We have 2 ACS servers each handling different sets of several hundred devices. I need to merge the 2 databases (users, groups and devices) into a third ACS 4.2 server.

My thoughts are to do a backup of one and do a restore on the new server. Now, I need to find a way to import the users, groups and devices from the second ACS server into the new consolidated ACS. I've been searching, and I have not found a way to import the users, groups and devices without removing the devices that were added from the first ACS server. Does anyone have any recommendations?

1 Accepted Solution

Try this. On each ACS server run CSSupport (or the support page in ACS Admin) to generate a package cab.

If you open the cab there will be two CSV files - one for NDGs and one for devices.

Using Excel you can merge these two CSVs. To get the data back into ACS you'll need to create an account actions CSV file and process it with RDBMS Sync.

Action code 250 adds an NDG

Action code 220 adds a device

Action code 252 assigns device to NDG

It might sound like a chore, but it's largely a cut and paste exercise.

If you routinely use RDBMS sync to add your devices it means you'll always have an up-to-date actions file that you can throw at another server should you need to.

Full info on RDBMS Sync at http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_RDBMS.html

The simpler way is to download the SQL Anywhere developer tools and ask Cisco about loading up the ndg and device tables directly from CSV files. It can be done but I doubt they'll give you the database sa password.

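The merge step from the accepted solution, as an added example that is not part of the original post and is not Cisco code: it combines two device exports, flags devices whose IP or NDG differs between the servers, and emits action rows in dependency order. Only the action codes 250, 220 and 252 come from the thread; the input column names (`name`, `ip`, `ndg`), the sample rows, the placeholders and the placement of arguments in `ValueName`/`Value1`-`Value3` are assumptions to check against the real CSVs and the RDBMS Sync guide linked above.

```python
import csv
import io

# Constructed sample exports; the real column names in the CSSupport CSVs may differ.
SERVER_A = """name,ip,ndg
core-sw1,10.0.0.1,Core
edge-rtr1,10.0.1.1,Edge
"""
SERVER_B = """name,ip,ndg
edge-rtr1,10.0.1.1,Edge
edge-rtr2,10.0.1.2,Edge
core-sw1,10.9.9.9,Datacenter
"""
ADD_NDG, ADD_DEVICE, ASSIGN_NDG = 250, 220, 252  # action codes named in the answer

def merge_devices(*exports):
    """Merge device exports by name; return (devices, conflicts)."""
    devices, conflicts = {}, []
    for text in exports:
        for row in csv.DictReader(io.StringIO(text)):
            name = row["name"].strip()
            rec = (row["ip"].strip(), row["ndg"].strip())
            if name in devices and devices[name] != rec:
                # Same name, different IP or NDG: keep the first, flag for manual review.
                conflicts.append((name, devices[name], rec))
            else:
                devices.setdefault(name, rec)
    return devices, conflicts

def build_actions(devices):
    """NDGs first, then devices, then assignments. Field placement is an assumption."""
    rows = [{"Action": ADD_NDG, "ValueName": ndg}
            for ndg in sorted({ndg for _, ndg in devices.values()})]
    for name, (ip, _) in devices.items():
        rows.append({"Action": ADD_DEVICE, "ValueName": name, "Value1": ip,
                     "Value2": "<shared-secret>", "Value3": "<vendor>"})  # placeholders
    for name, (_, ndg) in devices.items():
        rows.append({"Action": ASSIGN_NDG, "ValueName": name, "Value2": ndg})
    return rows

def to_csv(rows):
    """Serialize action rows; columns not set by an action are left empty."""
    out = io.StringIO()
    writer = csv.DictWriter(out, ["Action", "ValueName", "Value1", "Value2", "Value3"], restval="")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    devs, bad = merge_devices(SERVER_A, SERVER_B)
    print(to_csv(build_actions(devs)), *bad, sep="\n")
```

Resolve every reported conflict by hand before loading the file, since the script keeps the first server's record and drops the second.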

5 Replies

Ivan Martinon
Level 7

Hey there, sadly there is no straightforward way to do this and instead you might have to go over several processes, and even like that it is not a guarantee that all the information will persist intact. With this I mean that some of the information you will have to manually put in yourself.

I am thinking first that you would need to tell us whether you have ACS Solution Engine or ACS for Windows. Reason for this is due to the fact that what I will suggest is using the CSUtil tool that the ACS for Windows has.

Now assuming you do have ACS for Windows, you can use CSUtil to dump all of your users and groups into a file which has the users categorized under the groups. You can merge this file with the other one and then, after having edited it, import it into the 3rd one; then you will have your users and groups. I don't think, however, that this applies to your network devices. Check the link for CSUtil and see if this helps to achieve your goal or gets you closer to your goal.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/A_CSUtil.html

max12341234
Level 1

Hi, Thanks for the message. We have a small number of network admins and groups, so I'm not as concerned about the users and groups, although I would have to make sure I configure all of the restrictions.

The most time-consuming task will be to manually enter all of the AAA devices and I didn't see a way to export/import devices in the documentation.

Thanks darpotter!

Can anyone confirm that this also works for 4.2.1?

I have the Package.Cab, but it looks like the only .csv files are the logs.

I see the users/groups in "UserTable.txt" but I can't seem to find anything with NDGs or Clients in it?

Thanks