The replication time interval should always be higher.
Reason: Everytime you replicate the data it requires ACS services to restart so doing this frequently may affect your production enviroment.
However, if you want to replicate internal user's password then there is an option to replicate password changes right awayvwithout a full replication. You can enable this option under System Configuration -> Local Password Management. With this enabled you could potentially set the replications to a larger interval.
It also depend how often you do changes in your ACS. If its normal then I would say set it to every sunday 12:00 PM.
This is how replication happens:
The primary ACS stops its authentication and creates a copy of the ACSinternal database components that it is configured to replicate. During this step, if AAA clients are configured properly, those that usually use the primary ACS fail over to another ACS. The primary ACS resumes its authentication service.
After the preceding events on the primary ACS, the database replication process continues on the secondary ACS. The secondary ACS stops its authentication service and replaces its database components with the database components that it received from the primary ACS. During this step, if AAA clients are configured properly, those that usually use the secondary ACS fail over to another ACS. The secondary ACS resumes its authentication service.
I want to know what is best practise for duration of replicaation of database between two Cisco ACS.
Whenever there is replication between primary and secondary ACS services get haulted for that particular interval so best recommendation is to replicate twice a day one at morning and the second at the evening time.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...