Jatin Katyal Wed, 01/27/2010 - 05:28


Hi Atif,


The replication time interval should always be higher.


Reason: Everytime you replicate the data it requires ACS services to restart so doing this frequently may affect your production enviroment.


However, if you want to replicate internal user's password then there is an option to replicate password changes right awayvwithout a full replication.  You can enable this option under System Configuration -> Local Password Management.  With this enabled you could potentially set the replications to a larger interval.


It also depend how often you do changes in your ACS. If its normal then I would say set it to every sunday 12:00 PM.



This is how replication happens:


The primary ACS stops its authentication and creates a copy of the ACSinternal database components that it is configured to replicate. During this
step, if AAA clients are configured properly, those that usually use the primary ACS fail over to another ACS. The primary ACS resumes its authentication service.

After the preceding events on the primary ACS, the database replication process continues on the secondary ACS. The secondary ACS stops its authentication service and replaces its database components with the database components that it received from the primary ACS. During this step, if AAA clients are configured properly, those that usually use the secondary ACS fail over to another ACS. The secondary ACS resumes its authentication service.


HTH

Regards,

JK


Plz rate helpful posts-

Ganesh Hariharan Thu, 01/28/2010 - 02:46

Hi,

I want to know what is best practise for duration of replicaation of database between two Cisco ACS.

Regards,

Atif.

Hi Atif,

Whenever there is replication between primary and secondary ACS services get haulted for that particular interval so best recommendation is to replicate twice a day one at morning and the second at the evening time.

Hope to help

Ganesh.H

Actions

This Discussion