Cisco 3.3 User Manual
Page 342
Chapter 9 System Configuration: Advanced
CiscoSecure Database Replication
9-14
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Note
The items in the AAA Server and Replication lists reflect the AAA
servers configured in the AAA Servers table in Network
Configuration. To make a particular Cisco Secure ACS available as a
secondary Cisco Secure ACS, you must first add that Cisco Secure
ACS to the AAA Servers table of the primary Cisco Secure ACS.
–
AAA Server—This list represents the secondary Cisco Secure ACSes
that this primary Cisco Secure ACS does not send replicated components
to.
–
Replication—This list represents the secondary Cisco Secure ACSes
that this primary Cisco Secure ACS does send replicated components to.
•
Replication timeout—Use this text box to specify the number of minutes
that this primary Cisco Secure ACS continues replicating to a secondary
Cisco Secure ACS. When the timeout value is exceeded, Cisco Secure ACS
terminates replication to the secondary Cisco Secure ACS is was attempting
to replicate to and then it restarts the CSAuth service. The replication timeout
feature helps prevent loss of AAA services due to stalled replication
communication, which can occur when the network connection between the
primary and secondary Cisco Secure ACS is abnormally slow or when a fault
occurs within either Cisco Secure ACS. The default value is five minutes.
Tip
The size of the components replicated affects the time required for replication. For
example, replicating a user database containing 80,000 user profiles takes more
time than replicating a user database containing 500 user profiles. You may need
to monitor successful replication events to determine a reasonable timeout value
for your implementation.
Note
Cisco Secure ACS does not support bidirectional database replication. A
secondary Cisco Secure ACS receiving replicated components verifies that the
primary Cisco Secure ACS is not on its Replication list. If not, the secondary
Cisco Secure ACS accepts the replicated components. If so, it rejects the
components.