Cisco 3.3 User Manual

Page 333

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 9 System Configuration: Advanced

CiscoSecure Database Replication

c. The primary Cisco Secure ACS verifies that the version of Cisco Secure
ACS that the secondary Cisco Secure ACS is running is the same as its
own version of Cisco Secure ACS. If not, replication fails.

d. The primary Cisco Secure ACS compares the list of database
components it is configured to send with the list of database components
the secondary Cisco Secure ACS is configured to receive. If the
secondary Cisco Secure ACS is not configured to receive any of the
components that the primary Cisco Secure ACS is configured to send, the
database replication fails.

3. After the primary Cisco Secure ACS has determined which components to
send to the secondary Cisco Secure ACS, the replication process continues on
the primary Cisco Secure ACS as follows:

a. The primary Cisco Secure ACS stops its authentication and creates a
copy of the CiscoSecure database components that it is configured to
replicate. During this step, if AAA clients are configured properly, those
that usually use the primary Cisco Secure ACS fail over to another
Cisco Secure ACS.

b. The primary Cisco Secure ACS resumes its authentication service. It also
compresses and encrypts the copy of its database components for
transmission to the secondary Cisco Secure ACS.

c. The primary Cisco Secure ACS transmits the compressed, encrypted
copy of its database components to the secondary Cisco Secure ACS.
This transmission occurs over a TCP connection, using port 2000. The
TCP session uses a 128-bit encrypted, Cisco-proprietary protocol.

4. After the preceding events on the primary Cisco Secure ACS, the database
replication process continues on the secondary Cisco Secure ACS as follows:

a. The secondary Cisco Secure ACS receives the compressed, encrypted
copy of the CiscoSecure database components from the primary
Cisco Secure ACS. After transmission of the database components is
complete, the secondary Cisco Secure ACS decompresses the database
components.

b. The secondary Cisco Secure ACS stops its authentication service and
replaces its database components with the database components it
received from the primary Cisco Secure ACS. During this step, if AAA
clients are configured properly, those that usually use the secondary
Cisco Secure ACS fail over to another Cisco Secure ACS.
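
The version check and component-list comparison described above can be modeled offline to predict which replication partners would fail before a scheduled run. This is an added example, not Cisco code: the `AcsServer` record, the component names, and the inventory are constructed placeholders. It assumes replication fails only when the send and receive lists share no component, and it also reports components that would not be replicated on a partial overlap.

```python
from dataclasses import dataclass, field

@dataclass
class AcsServer:
    # Hypothetical inventory record; field names are assumptions for this example.
    name: str
    version: str
    send: set = field(default_factory=set)     # components configured to send
    receive: set = field(default_factory=set)  # components configured to receive

def preflight(primary, secondary):
    """Model the primary's checks; return (ok, components_to_send, findings)."""
    findings = []
    # Version check: both servers must run the same version.
    if primary.version != secondary.version:
        findings.append(f"version mismatch: {primary.name}={primary.version}, "
                        f"{secondary.name}={secondary.version}")
        return False, set(), findings
    # Component comparison: send list versus receive list.
    to_send = primary.send & secondary.receive
    if not to_send:
        findings.append("secondary accepts none of the components the primary sends")
        return False, set(), findings
    # Partial overlap: replication proceeds, but some data never reaches the secondary.
    skipped = primary.send - secondary.receive
    if skipped:
        findings.append("not replicated (secondary not set to receive): "
                        + ", ".join(sorted(skipped)))
    return True, to_send, findings

# Constructed sample inventory; component names are placeholders.
PRIMARY = AcsServer("acs-primary", "3.3", send={"users_groups", "network_devices"})
SECONDARIES = [
    AcsServer("acs-sec-1", "3.3", receive={"users_groups", "network_devices"}),
    AcsServer("acs-sec-2", "3.3", receive={"users_groups"}),
    AcsServer("acs-sec-3", "3.2", receive={"users_groups", "network_devices"}),
    AcsServer("acs-sec-4", "3.3", receive={"interface_config"}),
]

def audit(primary=PRIMARY, secondaries=SECONDARIES):
    """Run the preflight against every secondary and key results by name."""
    return {s.name: preflight(primary, s) for s in secondaries}

if __name__ == "__main__":
    for name, (ok, to_send, findings) in audit().items():
        print(name, "OK" if ok else "FAIL", sorted(to_send), findings)
```

A secondary that passes with findings is the case worth reviewing: its authentication data can drift from the primary without any replication failure being logged.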