Database replication is a means of providing a more fault-tolerant network design. This section explains the process of database replication as well as the steps to configure database replication.

Understanding Database Replication

Database replication is a way for you to create a copy of the ACS database on one or more mirror systems. This process allows for the processing of authentication requests if the primary ACS goes down. You can schedule database replication, or you can perform immediate database replications. Another benefit to database replication is that the database is actually compressed before it is sent, and the secondary server has the capability to decompress the information after it has been received. The following replication process is taken from the user guide for ACS. It details the communication between the primary and secondary ACS.
It is important to understand that only those components that the primary is configured to send and the secondary is configured to receive are replicated. The secondary can be configured to receive other components; however, if the primary isn't configured to send them, it won't send them. The primary can be configured to send other components, but if the secondary isn't configured to receive them, it won't receive them. So all that is actually replicated is what the primary is configured to send and what the secondary is configured to receive. This replication occurs as long as they agree on at least one component. If they do not agree, replication is aborted. Additionally, if nothing has changed on the primary server since the last replication, there is no reason to replicate.

Replication Versus Backup

The major difference between database replication and database backup is that database backup creates a backup file on the local drive. This file can be copied to other forms of media, or to network shares, and can be used to recover a system that has failed. What database backup does not do is copy the database or portions of the database to other ACSs, known as secondary servers. By using replication, you can provide a redundant server configuration.

Configuring the Primary Server

Database replication is found in the System Configuration section of ACS. To configure the server for database replication, follow these steps:
Configuring a Secondary Server

The secondary server must be configured to receive the exact configuration that the primary server is sending. To configure the secondary server for database replication, follow these steps:
NOTE: Keep in mind that replication can be initiated only by the primary server.

Immediate Replication

You can perform immediate replication from the primary ACS by selecting the Cisco Secure Database Replication link and then the Replicate Now button at the bottom of the configuration page. This performs an immediate replication.

Backing Up the Cisco Secure Database

Another important aspect of maintaining your ACS configuration is to perform frequent database backups of the ACS database. This section covers the steps needed to perform manual backups, schedule backups, cancel scheduled backups, and recover ACS from a backup. Under the umbrella of database backup, you have the following options:
Database backups are performed from the System Configuration subsection ACS System Backup Setup. From this subsection, you can configure manual backups, which require an administrator to force the backup process into effect, or you can schedule a backup. If you decide to schedule a backup, you have a few options. You can back up based on an interval, the default being 60 minutes, or you can specify times to perform the database backup. To perform a backup, you must tell ACS where to store the backup file. The default directory for backup files is

C:\Program Files\CiscoSecure ACS v3.1\CSAuth\System Backups

The backup file is stored as a .dmp file and is named by date. For example, the file 21-Jul-2003 15-55-12.dmp was created at 3:55 on July 21st. Consider managing this directory if you have ACS perform automatic backups, because it might fill up quickly. For this reason, you might want to keep files for a certain period of time or frequently back up this directory to external media.

Manual Backups

To perform a manual backup, select the ACS Backup link from the System Configuration section. From here, you simply need to select the Backup Now button to perform a manual backup.

Scheduled Backups

To schedule a backup, select the ACS Backup link from the System Configuration section. Choose one of the following options:
If you elect to back up at a given time interval, enter an interval or accept the default of 60 minutes. If you choose to back up at specific times, use the time grid provided to select those times. Complete the configuration by selecting Submit. You can change the directory that backups are written to by using the corresponding options in the ACS interface. The default directory used for backup is C:\Program Files\CiscoSecure ACS v3.2\CSAuth\System Backups. No management is in place for this directory, so it can become very large, very quickly.

Canceling a Scheduled Backup

It is fairly simple to cancel a scheduled backup. Simply access the ACS Backup link from the System Configuration section and change from Every __ minutes, or At specific times, to Manual backup. This cancels any further scheduled backups.

Recovering ACS from a Backup file

If you want to recover ACS from a .dmp file, select the ACS Restore link from System Configuration, choose the directory that your backup files are stored in, choose the file you want to restore from, opt for restoring user and group database and/or Cisco Secure ACS system configuration, and select the Restore Now button.
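
Because ACS does not manage the backup directory itself, the following added example (not part of the original text or of ACS) sketches one way to plan retention from the date-based file names described above. The function names, the 14-day window, the minimum of three retained backups, and every sample file name except 21-Jul-2003 15-55-12.dmp are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from pathlib import Path

# Name format taken from the page's example: "21-Jul-2003 15-55-12.dmp"
NAME_RE = re.compile(r"^\d{2}-[A-Za-z]{3}-\d{4} \d{2}-\d{2}-\d{2}\.dmp$")

def backup_time(name):
    """Return the timestamp encoded in an ACS backup file name, or None."""
    if not NAME_RE.match(name):
        return None
    try:
        return datetime.strptime(name[:-4], "%d-%b-%Y %H-%M-%S")
    except ValueError:  # impossible date such as "31-Feb-2003 ..."
        return None

def plan_retention(names, now, keep_days=14, keep_min=3):
    """Split names into (keep, delete) without touching the disk.

    Names that do not parse as backups are always kept, and the newest
    keep_min backups are kept whatever their age, so a stalled schedule
    never leads to the last good backups being pruned.
    """
    dated = sorted(((t, n) for n in names if (t := backup_time(n))), reverse=True)
    cutoff = now - timedelta(days=keep_days)
    delete = [n for i, (t, n) in enumerate(dated) if i >= keep_min and t < cutoff]
    keep = [n for n in names if n not in delete]
    return keep, delete

def prune(directory, now=None, dry_run=True, **policy):
    """Apply the plan to a directory; files are removed only if dry_run=False."""
    folder = Path(directory)
    names = [p.name for p in folder.iterdir() if p.is_file()]
    _, delete = plan_retention(names, now or datetime.now(), **policy)
    if not dry_run:
        for name in delete:
            (folder / name).unlink()
    return delete

# Constructed sample listing; only the first name appears on the page.
SAMPLE = [
    "21-Jul-2003 15-55-12.dmp", "20-Jul-2003 15-55-10.dmp",
    "01-Jul-2003 02-00-00.dmp", "15-Jun-2003 02-00-00.dmp",
    "10-Jun-2003 02-00-00.dmp", "notes.txt", "31-Feb-2003 00-00-00.dmp",
]

if __name__ == "__main__":
    print(plan_retention(SAMPLE, datetime(2003, 7, 22))[1])
```

Run prune with dry_run=True first and review the returned list; copy the files to external media before deleting anything if they are the only copies.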