Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
763
Views
5
Helpful
2
Replies

ACS load balancing

Go to solution
aalsayed
Level 1
Level 1

‎05-30-2006 03:02 AM - edited ‎03-10-2019 02:36 PM

if i have CSS and i want to load balance between 2 ACS . do i have to make one of them active and seoncde backup or i can load balance between bother server .

if yes is this will not effect the authentication and databse .

if there is any artical it wile be more better

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
darpotter
Level 5
Level 5

‎05-30-2006 01:14 PM

Hi

A more typical approach would involve a third "master" server that is used for admin tasks. This replicates config to the two load balanced slaves.

Darran

View solution in original post

2 Replies 2

Go to solution
a.kiprawih
Level 7
Level 7

‎05-30-2006 05:57 AM

Hi,

Cisco ACS has a replication feature that allows you to have more than one (1) ACS servers/appliances to provide high-availability/ redundancy. In this case, you will have one primary and more than one secondary (backup) servers.

The database replication creates mirror systems of ACSs by duplicating parts of the primary ACS setup to one or more secondary ACSs. Without load-balancer, you need to add both primary and secondary ACSs in all AAA clients as backup if the primary ACS fails or is unreachable. With a secondary ACS whose ACS internal database is a replica of the ACS internal database on the primary ACS, if the primary ACS goes out of service, incoming requests are authenticated without network downtime, provided that your AAA clients are configured to fail over to the secondary ACS.

The following url provides you with details on how the ACS replication is performed:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs40/user/sad.htm#wp756102

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs40/user/index.htm

I am not sure about load-balancing two ACSs, but you probably can try this. Behind a load-balancer, maintain the primary/secondary server setup to enable replication (selected items only) from primary to secondary ACS. But pls bear in mind, in replication, only the Primary ACS can send update to backup server, not bidirectional. Backup/secondary ACS can only receive updates. Use the replication features as an update tool between the servers. All changes/updates must be made in your primary ACS only.

In normal ACS replication, all AAA clients need to specify primary and secondary ACS server as backup. With load-balancer, only one (1) IP need is required, which is the virtual IP assigned by load-balancer to represent the two ACSs.

Rgds,

AK

0 Helpful

Go to solution
darpotter
Level 5
Level 5

‎05-30-2006 01:14 PM

Hi

A more typical approach would involve a third "master" server that is used for admin tasks. This replicates config to the two load balanced slaves.

Darran

Customers Also Viewed These Support Documents