New Member

Distributed mode in ACS server

Hi guys,

 

We have two ACS servers (ACS01, ACS02) running on VM (with the latest 5.7 version); both contain different sets of data. We want to keep those two servers in distributed mode (ACS01 as primary and ACS02 as secondary) with full replication. If I set it up like that, the data present in ACS02 will be overwritten by ACS01. So is there a process for moving the data present in ACS02 to ACS01 and then setting up those two in distributed mode?

Both ACS have different active directories present in different domains.

 

Thanks

7 REPLIES
Cisco Employee


Hi,

 

There is not actually an easy way to merge these 2 databases. What you will have to do is try to export/import the data, which can be done using the .csv option (only Network devices, NDGs, Users, Identity groups, and command sets are exportable); the rules and all other settings will have to be configured manually.

And related to the AD domain, the ACS will only be able to join one single domain. If you want to be able to authenticate users from a foreign domain, it will be necessary to create a 2-way trust relationship between the 2 domains (the one ACS will be joining and the foreign domain).

After doing that, users from the foreign domain will have to enter username+domain name to be able to authenticate.

 

 

Note: Please mark as answered if applicable.

New Member


Hi ivangonz,

 

If I export that data from ACS02 and import it into ACS01, does it impact the data that is already present in ACS01?

Can we migrate data from one Active Directory to another Active Directory?

If you don't mind, can you please share some links or procedures on how to do this whole process? I am not very familiar with these topics on ACS.

 

Thanks.

 

Cisco Employee


Hello,

 

The best link I might be able to provide for this procedure is the following:

 

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-7/user/guide/acsuserguide/my_wkspc.html#pgfId-1131893

 

When importing and exporting this data, you are able to either only add (to the existing data) or overwrite all the data that you already have, so you will be able to add the data from one ACS to the other without losing your current database.

 

And related to your concern about whether you are able to migrate data from one AD to the other, I have read it is possible by using a tool called ADMT (Active Directory Migration Tool), but I am not quite sure about the details on how to do it. You might want to get some AD support on it.

 

 

New Member

Instead of doing all this, can we add everything in ACS02 to ACS01 manually and set up distributed mode?

Cisco Employee


Hello,

 

Yes, that is something else you can do. Manually add all that you have on ACS02 to ACS01, and once you set up the distributed deployment, you will have a mirror between the 2 ACS.

I proposed the import/export option since you might have a hard time manually adding all the devices, users, and groups into ACS01 in case you have too many of these configured, but if it is better for you, you can definitely do this manual procedure.

 

New Member


Hi,

After migrating all data from ACS02 to ACS01, do we need to update the TACACS configuration on each and every device (those which were present in ACS02 earlier)? Or can we keep it like that, because we are doing distributed mode with full replication, so both servers contain the same data, right?

 

Thanks

Cisco Employee


Hi,

 

Right, you do not need to add anything manually since ACS01 will replicate all its data to the secondary, with the exception of the information on the below link:

 

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-7/user/guide/acsuserguide/introd.html#pgfId-1075946

 

Note: Please mark it as answered if applicable.
