Database Replication and Remote Database Management System (RDBMS)
Synchronization are provided with Cisco Secure ACS for Windows Server. These
utilities automate the process of keeping the Cisco Secure ACS database and
network configuration current. Cisco Secure ACS for Windows Server supports the
import of data from ODBC-compliant databases, such as Microsoft Access and
Oracle Corporation databases. Another utility, CSUtil, provides database backup
and restore functionality.
Database Replication
Database replication allows the administrator to do the following:
- Select the parts of the primary Cisco Secure ACS configuration to be
replicated.
- Control the timing of the replication process, including creating
schedules.
- Export selected configuration items from the primary Cisco Secure ACS.
- Securely transport selected configuration data from the primary Cisco
Secure ACS to one or more secondary Cisco Secure ACSs.
- Update the secondary Cisco Secure ACSs to create matching
configurations.
The primary Cisco Secure ACS sends replicated CiscoSecure database
components to other Cisco Secure ACSs. The secondary Cisco Secure ACS receives
replicated CiscoSecure database components from a primary Cisco Secure ACS. In
the HTML interface, these are identified as replication partners. A Cisco
Secure ACS can be both a primary Cisco Secure ACS and a secondary Cisco Secure
ACS, provided that it is not configured to be a secondary Cisco Secure ACS to a
Cisco Secure ACS for which it performs as a primary Cisco Secure ACS.
NOTE: Bidirectional replication, wherein a Cisco Secure ACS both sends
database components to and receives database components from the same remote
Cisco Secure ACS, is not supported. Replication fails if a Cisco Secure ACS is
configured to replicate to and from the same Cisco Secure ACS.
NOTE: All Cisco Secure ACSs involved in replication must run the same
release of the Cisco Secure ACS software. It is strongly recommended that Cisco
Secure ACSs involved in replication use the same patch level as well.
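The partner rules and the two notes above can be checked against a planned layout before it is entered in the HTML interface. The script below is an added example, not part of the original page or of Cisco's tooling; the host names, release labels, and patch labels are constructed placeholders, and the function name is hypothetical.

```python
"""Check a planned replication layout against the rules stated above."""

# Constructed sample plan: (primary, secondary) replication partner pairs.
SAMPLE_PAIRS = [
    ("acs-hq", "acs-branch1"),
    ("acs-branch1", "acs-lab"),  # cascade: branch1 is both secondary and primary
    ("acs-lab", "acs-branch1"),  # lab sends back to its own primary: unsupported
]
# Constructed sample inventory: host -> (release, patch level). Placeholder labels.
SAMPLE_VERSIONS = {
    "acs-hq": ("rel-A", "p1"),
    "acs-branch1": ("rel-A", "p2"),
    "acs-lab": ("rel-B", "p1"),
}


def check_replication_plan(pairs, versions):
    """Return (errors, warnings) for a list of (primary, secondary) pairs."""
    errors, warnings = [], []
    edges = set(pairs)
    # Visit each partner pair once, regardless of direction.
    for a, b in sorted({tuple(sorted(e)) for e in edges}):
        # Replication fails if two ACSs replicate to and from each other.
        if (a, b) in edges and (b, a) in edges:
            errors.append(f"bidirectional: {a} <-> {b}")
        missing = [h for h in (a, b) if h not in versions]
        if missing:
            errors.append(f"no version recorded: {', '.join(missing)}")
            continue
        (rel_a, patch_a), (rel_b, patch_b) = versions[a], versions[b]
        if rel_a != rel_b:
            # Same release is required for all replication partners.
            errors.append(f"release mismatch: {a}={rel_a} {b}={rel_b}")
        elif patch_a != patch_b:
            # Same patch level is recommended, not required.
            warnings.append(f"patch mismatch: {a}={patch_a} {b}={patch_b}")
    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_replication_plan(SAMPLE_PAIRS, SAMPLE_VERSIONS)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
```

A cascade in which one ACS is secondary to one partner and primary to a different one passes the check; only a pair that replicates in both directions is rejected.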
RDBMS Synchronization
The RDBMS Synchronization feature enables the administrator to update the
CiscoSecure user database with information from an ODBC-compliant data source.
The
ODBC-compliant data source can be the RDBMS database of a third-party
application. It can also be an intermediate file or database that a third-party
system updates. Regardless of where the file or database resides, Cisco Secure
ACS reads the file or database via the ODBC connection. RDBMS Synchronization
supports addition, modification, and deletion for all data items it can access.
Synchronization can be configured to occur on a regular schedule, or
manually on demand.
Synchronization performed by a single Cisco Secure
ACS can update the internal databases of other Cisco Secure ACSs, so
configuration of RDBMS Synchronization only needs to occur on one Cisco Secure
ACS. Cisco Secure ACSs listen on TCP port 2000 for synchronization data. RDBMS
Synchronization communication is encrypted using a 128-bit proprietary
encryption algorithm.
RDBMS Synchronization Components
The RDBMS Synchronization feature comprises two components:
- CSDBSync – A dedicated Windows service that performs automated user and
group account management services for Cisco Secure ACS.
- accountActions Table – The data object that holds information used by
CSDBSync to update the CiscoSecure user database.
ODBC Import Definitions
Cisco Secure ACS supports the import
of data from ODBC-compliant databases, such as Microsoft Access or Oracle.
Importing is done using a single table to import information into one or more
ACS servers.
The CSAccupdate service processes the table and updates
local/remote ACS installations according to its configuration.