Chapter 8 Establishing Cisco Secure ACS System Configuration
CiscoSecure Database Replication
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Replication Process
This topic describes the process of database replication, including the interaction
between a primary Cisco Secure ACS and each of its secondary
Cisco Secure ACSes.
1. The database replication process begins when the primary Cisco Secure ACS
contacts the secondary Cisco Secure ACS. In this initial connection, the
following four events occur:
a. The two Cisco Secure ACSes perform mutual authentication based upon
the shared secret of the primary Cisco Secure ACS. If authentication
fails, replication fails.
Note: On the secondary Cisco Secure ACS, the AAA Servers table entry for
the primary Cisco Secure ACS must have the same shared secret that
the primary Cisco Secure ACS has for itself in its own AAA Servers
table entry. The secondary Cisco Secure ACS’s shared secret is
irrelevant.
b. The secondary Cisco Secure ACS verifies that it is not configured to
replicate to the primary Cisco Secure ACS. If it is, replication is aborted.
Cisco Secure ACS does not support bidirectional replication, wherein a
Cisco Secure ACS can act as both a primary and a secondary
Cisco Secure ACS to the same remote Cisco Secure ACS.
c. The primary Cisco Secure ACS verifies that the version of
Cisco Secure ACS that the secondary Cisco Secure ACS is running is the
same as its own version of Cisco Secure ACS. If not, replication fails.
d. The primary Cisco Secure ACS compares the list of database
components it is configured to replicate with the list of database
components the secondary Cisco Secure ACS is configured to replicate.
The primary Cisco Secure ACS only replicates those database
components that it is configured to send and that the secondary
Cisco Secure ACS is configured to receive. If the secondary
Cisco Secure ACS is not configured to receive any of the components
that the primary Cisco Secure ACS is configured to send, the database
replication fails.
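
The four checks above can be run as a configuration pre-flight before replication is scheduled. The following Python sketch is an added example, not Cisco code or part of the original guide; the AcsConfig model, its field names, the host names, secrets and component labels are constructed assumptions, and it compares configured values only rather than reproducing the ACS authentication exchange.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class AcsConfig:
    """Hypothetical model of one ACS's replication settings (not a Cisco API)."""
    name: str
    version: str
    aaa_servers: dict                                # AAA Servers table: name -> shared secret
    replicates_to: set = field(default_factory=set)  # ACSes this one sends to
    send: set = field(default_factory=set)           # components configured to send
    receive: set = field(default_factory=set)        # components configured to receive

def preflight(primary, secondary):
    """Apply checks a-d in order; return (ok, failure reason or shared components)."""
    # a. The secondary's entry for the primary must equal the primary's own entry.
    #    The secondary's own secret is never consulted.
    own = primary.aaa_servers.get(primary.name)
    seen = secondary.aaa_servers.get(primary.name)
    if own is None or seen is None or not hmac.compare_digest(own.encode(), seen.encode()):
        return False, "a: shared secret for primary does not match"
    # b. Bidirectional replication is not supported.
    if primary.name in secondary.replicates_to:
        return False, "b: secondary is configured to replicate to primary"
    # c. Both sides must run the same version.
    if primary.version != secondary.version:
        return False, "c: version mismatch"
    # d. Only components sent by the primary AND received by the secondary replicate.
    common = primary.send & secondary.receive
    if not common:
        return False, "d: no component is both sent and received"
    return True, sorted(common)

# Constructed sample data; names, secrets and component labels are illustrative.
PRIMARY = AcsConfig("acs-a", "3.1", {"acs-a": "example-secret-1"},
                    replicates_to={"acs-b"}, send={"users", "groups"})
SECONDARY = AcsConfig("acs-b", "3.1",
                      {"acs-a": "example-secret-1", "acs-b": "unrelated-secret"},
                      receive={"groups", "network"})

if __name__ == "__main__":
    print(preflight(PRIMARY, SECONDARY))
```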