Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

500GB Datastore requirement to install ACS5.3 on ESX5.0???

Hi,

am wondering why ACS5.3 requires 500GB datastore? what for? do we still need this when we use external database? am in the process of migrating from ACS4.2 to 5.3 and swift reply will be appreciated.

Thanks

2 ACCEPTED SOLUTIONS

Accepted Solutions

500GB Datastore requirement to install ACS5.3 on ESX5.0???

You are correct, so you can throw 1TB of hard disk at this vm but it will never be used all the way. For the ACS to purge you have to setup incremental backups for the view database (what is referred to monitoring database) and database purging. Your best bet is to use an nfs server that the ACS can mount a purging drive. Here is some more documentaiton that will cover more about the purging cycles and etc:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/viewer_sys_ops.html#wp1068157

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

The iso image is for the ACS solution engine, what you need is the exe file to run on top of a supported windows machine.

thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
49 REPLIES

500GB Datastore requirement to install ACS5.3 on ESX5.0???

This is for the amount of logs that are kept over time. This is what Cisco stands by for a production deployment.

thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

hi Tarik,

if that is the case currently we are running ACS4.2 and all reports are configured in CSV form which i believe is stored locally. but we are running this version on windows machine with 15GB hard disk. am i missing something?

Thanks,

Kerim

500GB Datastore requirement to install ACS5.3 on ESX5.0???

From my understanding the log retention was not a requirement in acs 4.2 so once the logs files filled up to a certain point the would roll over and not exceed the file space it detected. In ACS 5 there is a sql database that is set once installed and its the hard disk that must be built in order to fit the tables that come with the software.

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

Yes, we have the option to keep filesfor number of days or just to keep the X number of files last files. in my case it is configured to keep only the last 100 files. So it made sense to to use 15GB.

If i undestand correctly as stated in the documentation, if i don't provide with 500GB it will fall back to 60GB. so will it roll back per your configuration or will it overflow the log files in case of 5.3. do we have the option to set for how long we want to keep the log files like 4.2? what if i use just 60GB ? what is the downside?

500GB Datastore requirement to install ACS5.3 on ESX5.0???

60GB is only for demo purposes and there arent options for purging logs after a certain amount of days. That is one major change between the two versions also that can easily get overlooked.

I have a customers that configured 60G walked away and a few weeks later couldnt figure out why their box went down. Also per TAC policy if your deployment doesnt meet this criteria it is considered unsupported which can put you in a tough position.

Thanks,

Tarik admani

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

Thanks TariK!

500GB Datastore requirement to install ACS5.3 on ESX5.0???

You are welcome, please dont forget to mark this resolved and please rate any posts that were helpful!

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

Tarik,

just one more thing, so how do the ACS5.3 manages log file purging once say the 500GB is full. per the documentation i read, the ACS5.3 is never going to use anything more than the 500GB even if more is made available to it. what is the mechanism for log purging? there got to be something?

Thanks,

Kerim

500GB Datastore requirement to install ACS5.3 on ESX5.0???

Tarik,

just one more thing, so how do the ACS5.3 manages log file purging once say the 500GB is full. per the documentation i read, the ACS5.3 is never going to use anything more than the 500GB even if more is made available to it. what is the mechanism for log purging? there got to be something?

Thanks,

Kerim

500GB Datastore requirement to install ACS5.3 on ESX5.0???

You are correct, so you can throw 1TB of hard disk at this vm but it will never be used all the way. For the ACS to purge you have to setup incremental backups for the view database (what is referred to monitoring database) and database purging. Your best bet is to use an nfs server that the ACS can mount a purging drive. Here is some more documentaiton that will cover more about the purging cycles and etc:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/viewer_sys_ops.html#wp1068157

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

Hi Tarik,

am back again, was trying to install ACS5.3 on a VM. i couldn't even locate the iso file. all i can see are three foders: CentOS Documentation and isolinux and none of them contain a .iso file. am i missing something?

thanks,

Kerim

500GB Datastore requirement to install ACS5.3 on ESX5.0???

If you are trying to install this on a virtual machine, you download the iso from the Cisco website, then set the cd rom settings so it points to the iso file. Once you power it up it should be there.

thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

i tried to download the software, but it requires service contract number. we already have contract but my cisco.com profile do not reflect that since we just purchased the contract. how do i go about downloading the software?

500GB Datastore requirement to install ACS5.3 on ESX5.0???

so do i have to have Service contract with Cisco to download the iso image? please let me know.

500GB Datastore requirement to install ACS5.3 on ESX5.0???

Please send a note to the technical support team and provide this link - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_vmware.html#wp1057927

Since I am a partner I am allowed to download the software just fine. I wasnt aware that there was some entitlement required when evaluating the software.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

please help me get this right... we already purchased ACS5.3, we have the install/upgrade, migrate and licence DVDs. to to install ACS 5.3 on VM i have to download the iso image from Cisco.com. then what is the instal/upgrade CD for? the other question is why do i have to have service contract for this product to download the software once i bought the license??? just don't seem to add up.

500GB Datastore requirement to install ACS5.3 on ESX5.0???

If you purchased the licenses then you need to open a case with entitlement and have them get this contract/product registered to your CCO profile.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

thanks, this worked and i was able to download and install the ISO image. i might have told you, i am in the process of migrating from ACS 4.2 to ACS 5.3. can the migration machine be on a VM. is there an iso image for this version? currently we are running our ACS 4.2 on HP hardware. 

thanks,

Kerim

500GB Datastore requirement to install ACS5.3 on ESX5.0???

Kerim,

You can have this as a virtual machine and you will have to open a TAC case in order to get the exectuable for the ACS software. You will basically need to setup a windows server, install the executable (same version as your appliance) and any patches that may be installed on your production appliance. Once you are done with that then you will install the migration tool on this box which you can download off the acs 5.3 web UI. Also please use VNC and not remote desktop as this is not supported and will not work.

For more information here is a link that will guide you through the steps - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/migrate.html

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

i opened a ticket with Cisco TAC. so let me see if i get this right. i can download the ISO image for ACS version 4.2 and run it on a VM. this machine will be used as my migration machine. so why do i need the executable file? what is it for? i thought the iso image is enough.

500GB Datastore requirement to install ACS5.3 on ESX5.0???

The iso image is for the ACS solution engine, what you need is the exe file to run on top of a supported windows machine.

thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

thanks Tarik! am working with TAC to get the exe.

500GB Datastore requirement to install ACS5.3 on ESX5.0???

Hi Tarik,

i was able to connect to the migration machine via VNC. but i still can't run the migration utility. i got to run the export and analysis and also the import steps from the migration machine using the migration utility. how do i do that ? what kind of tool should i be using to run the migration utility?

Thanks,

Kerim

Re: 500GB Datastore requirement to install ACS5.3 on ESX5.0???

Hi,

I have attached the guide to this thread, you can download the migration guide from the ACS 5.3. Chapter 6 covers how to run the migration script. The previous chapter go through the basics and how to get the migration tool on your workstation.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

Re: 500GB Datastore requirement to install ACS5.3 on ESX5.0???

Hi Tarik,

so far all went well and thanks to you for that. But, my external autherntication server is not working. we are using RSA Server. all users(using RSA) migrated  to ACS5.3 were in a disabled state. I added the host agent (ACS server) to RSA server and generated the node secret file (.rec) and imported it to acs5.3 server. still not working. users with local password works fine. am i missing something.

Re: 500GB Datastore requirement to install ACS5.3 on ESX5.0???

Kerim,

See if you can follow some of the options in this guide here - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/users_id_stores.html#wp1134728

I personally havent configured RSA outside of what you did, see if you can follow some of the advanced options to see if you can get this to work.

thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

Re: 500GB Datastore requirement to install ACS5.3 on ESX5.0???

thanks Tarik,

but i tried what is stated on the documentation. something i don't understand, when you genrerate the node secret file on the RSA server you will be required to use password. you will not be required to use this password to import the secret file to acs 5.3 server. is there something more to be done besides just browsing and locate the file and importing it. the satus for sdconf.rec file is not created on my acs server.

500GB Datastore requirement to install ACS5.3 on ESX5.0???

From the cli of the ACS can you ping the RSA appliance, are they on the same network or site?

As far as importing the .rec file it should be what the guide states.

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

500GB Datastore requirement to install ACS5.3 on ESX5.0???

Found this in a thread here - https://supportforums.cisco.com/thread/2004950

Try to remove the configuration from the RSA and try it again using these steps:

First:- you should add Cisco ACS as the Radius client in RSA.

Second:-  Then generate the cofiguration file from RSA:- Security  Console-->Access-->Authetication agents-->generate  configuration file.

Third:- Import this configuration file in cisco ACS:-Users and Identity Stores --> External Identity Stores --> RSA SecurID Token Servers--> Create-->RSA Realm (Tab)

Enter whatever name you want.

At the bottom there is an option "Import new"sdconf.rec" file".

Import the above generated file from RSA and you are done.

At the bottom there is an option "Import new"sdconf.rec" file".

Import the above generated file from RSA and you are done.

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
2036
Views
72
Helpful
49
Replies
CreatePlease login to create content