Currently I am running ACS 3.3.2 on Windows. I have been looking to upgrade to 3.3.4, but I see that 4.1 is also available. According to the release notes in 4.1 it looks like you need to go to 3.3.3 first (not 3.3.4). My question is if I go to 3.3.4 can I not upgrade to 4.1 later? If that is the case I will just go to 3.3.3 now. I would like to get to 4.1 at some point, but it looks like either way I have to upgrade to 3.3.x first.
If I want to go to 4.1 do I need to pay for it. We do have a maint contract for the software but I was not sure if it would allow me to go to 4.x version or am I stuck at a 3.x version unless I pay.
Thanks in advance.
The updates are downloadable trough the CCO.
So that will not cost any extra money ...
If you find this post usefull
please don't forget to rate this
I'm going through this excercise currently and have found the ansers to the questions you asked.
The only supported upgrade path from 3.3.2 to 4.1 is to upgrade to 3.3.3 and then upgrade to 4.1. This is due to the backend server archetecture changing drastically. In 3.x information was stored in registry keys as well as the propriatary database. Everything is now contained in a standard Sybase iAnywhere DB. The only reason you would want to migrate from one version to another is the investment in time that you've made with authentication profiles, certificates, and accounts. I had thousands of items so upgrading was my only choice outside of hiring someone to input all that information again.
If you upgrade from 3.3.2 to 3.3.4 it is a dead end. There is no supported upgrade from 3.3.4 to 4.X. On the splash screen of 3.3.4 you get the following:
Please note that Cisco Secure ACS 3.3 is the final ACS 3 platform release. Cisco service and support for ACS 3.3 ends by August 28, 2009. Cisco recommends that you migrate to the current ACS 4 platform.
If you look at the EOL/EOS page for CiscoSecure ACS you'll see that even with the 2009 time period listed on the software, they stop making patches much earlier.
4.X is a major release so you will need to purchase it again. Software maintenance only covers upgrades within major release trains.
VERY interresting. That is exactly what I thought, however Cisco is telling me different. They are saying I can go from 3.3.4 to 4.x. So my best bet is to go to 3.3.3 so I dont end up in a 'dead end'.
I am also going to open another ticket with Cisco on this one. I am scheduled to do the upgrade tomorrow (3/6) and I dont want to shoot myself in the foot.
I already have a quote for 4.x upgrade and planned on doing it later this year.
The key word is "supported". Reading the installation guide for 4.1 (4.1.1 build 23 is the current shipping release) these are the only supported paths:
ACS Upgrade Requirements
ACS supports the following upgrade paths. These paths have been tested and are supported:
?Cisco Secure ACS for Windows, release 3.3.3 to ACS 4.1
?Cisco Secure ACS for Windows, release 4.0 to ACS 4.1
?For releases of ACS prior to ACS 3.3.3, you must first upgrade to ACS 3.3.3, then upgrade to ACS 4.1.
For information about upgrading from previous versions of ACS, see Reinstalling or Upgrading ACS.
That is the exact text I have sitting on my desk and the reason I opened a TAC case to verify. I have another ticket open with them to verify, I will post the results of that.
Looks like I am going to 3.3.3
OK, I think I have it now. Here is Ciscos response.
There are 2 version of ACS 4.0 & 4.1. The upgrade path depends on the 4.x version you want to install.
+ For version 4.0:-
We tested upgrades to Cisco Secure ACS for Windows Server, releases 3.3.3, 3.3.2, 3.3.1*, 3.2.3, 3.2.2*, 3.2.1*, 3.1.2*, and 3.04*.
*First upgrade to Cisco Secure ACS for Windows Server, release 3.3.3, then upgrade to release 4.0.
+ For version 4.1:-
We tested upgrades to ACS for Windows Server 4.1 from releases 4.0.1, 3.3.4 and 3.3.3 directly, 3.3.2**, 3.3.1**, 3.2.3**, 3.2.2*, 3.2.1*, 3.1.2*, and 3.0.4*.
* You should first upgrade to Cisco Secure ACS for Windows Server, release 3.3.3 or 3.3.4.
** You should first upgrade to Cisco Secure ACS for Windows Server, release 3.3.3, 3.3.4, or 4.0.1.
After you upgrade to ACS release 3.3.3, 3.3.4, or 4.0.1, you can then upgrade to release 4.1.
Thats interesting because my High Touch Engineer recommended that we don't do the 3.3.4 to 4.1 migration. I wonder if theres some underlying problem ? I do know that it took me about an hour and a half for the data migration portion of the upgrade.
The weird part is I know I was looking at the docs a few weeks ago and I swear it said 3.3.3 was the only previous version you can upgrade to 4.x. The Cisco Engineer told me that 4.0 came out before 3.3.4 and that is why you can not upgrade to it. 4.1 was released after and they have tested it. can you maybe check with your contacts to see if this is true.
I did look at the documentation and the install guide was from November, definately before 3.3.4 was released... but funny thing is 4.1 build 23 just was released! I've already migrated my data so its a moot point.