12-22-2009 06:16 PM - edited 03-10-2019 04:51 PM
Just looking for a clarification on upgrading. Short story long, 2 ACS
SEs, single remote agent being used for wireless authentication.
Current version 3.3.3.11. Upgrading to 4.1.4.13.
The ACSs are in a primary/backup. My plan is to upgrade the backup appliance offline.
That doesn't worry me, my biggest worry is in the remote agent upgrade for reasons I
won't get into here. Then upgrade the remote agent, then upgrade the primary offline.
My question is, if I do the upgrade this way, when I re-install the remote agent, should I
set the config provider to the IP of the upgraded unit (the backup). The config provider is
currently set to the primary unit. I can't determine from the docs if this is the case, but
the docs to say that the config provider must respond to the remote agent upon startup
of the remote agent. I believe this is what I need to do.
I have no problem adjuting the ini file and restarting the agent, then switching back after the
primary is upgraded, if this is what is needed. Wireless being a rather touchy subject where
I work, I can't afford extended downtime.
Once again, just looking for clarification. Any help/advice is appreciated - chris
12-23-2009 02:15 PM
Chris:
I understand your plan for upgrading appliances and remote agent server. This is actually the right practice.
We should always have the ip address of primary ACS SE as a configuration provider so If you are upgrading backup one first then let the primary server catering the authentication request and upgrade the remote agent server while upgrading the primary ACS SE.
From installation guide:
Although a remote agent can accept inbound communication from many appliances, it accepts configuration instructions from only a single appliance that you specify in the CSAgent.ini file. This special appliance is called a configuration provider.
When a remote agent starts, it reads its CSAgent.ini file to determine which services should be available and which appliance is its configuration provider. Then it contacts the configuration provider and requests its configuration.
After receiving its configuration from the configuration provider, the remote agent is available to provide the services configured in CSAgent.ini.
HTH
Regards,
JK
Plz rate helpful posts-
12-24-2009 04:51 AM
JK, I appreciate the reply. That's the clarification I needed, configuration provider is always the primary.
It just seems to me, though, that if the config provider is always the primary, then why not upgrade the primary
first and let the backup handle the auth requests. I mean, it just seems like doing the backup first doesn't
achieve a whole lot if the RA is upgraded when the primary ACS is upgraded. But I'm just thinking out loud......
Thanks again for the help - chris
12-24-2009 06:06 AM
Chris:
Well, yes you can upgrade the primary server but why I suggested you to upgrade the secondary first; all your NAS devices should have the primary server listed first so if there is no communication with primary server there might be some delay while user try to authenticate.
IMP : Whenever we change/delete the primary/secondary remote agent under external user database...group mapping will disappear.
HTH
Regards,
JK
Pla rate helpful posts-
12-24-2009 09:31 AM
Understood, just thinking out loud....the procedure just seems a little bit odd unless I'm missing something. No big deal, I'll get through it.
also, on your note about group mappings, I did see this in the documentation, but it didn't quite sink in. Now it is stuck in my head to double
check group mappings after the upgrade is done.
Thanks again, I appreciate it - chris
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide