Cisco Secure Access Control Server for Windows
Keeping databases current

Database Replication and Remote Database Management System (RDBMS) Synchronization are provided with Cisco Secure ACS for Windows Server. These utilities automate the process of keeping the Cisco Secure ACS database and network configuration current. Cisco Secure ACS for Windows Server supports the import of data from ODBC-compliant databases, such as Microsoft Access and Oracle Corporation databases. Another utility, CSUtil, provides database backup and restore functionality.

Database Replication
Database replication allows the administrator to do the following:

  • Select the parts of the primary Cisco Secure ACS configuration to be replicated.
  • Control the timing of the replication process, including creating schedules.
  • Export selected configuration items from the primary Cisco Secure ACS.
  • Securely transport selected configuration data from the primary Cisco Secure ACS to one or more secondary Cisco Secure ACSs.
  • Update the secondary Cisco Secure ACSs to create matching configurations.

The primary Cisco Secure ACS sends replicated CiscoSecure database components to other Cisco Secure ACSs. The secondary Cisco Secure ACS receives replicated CiscoSecure database components from a primary Cisco Secure ACS. In the HTML interface, these are identified as replication partners. A Cisco Secure ACS can be both a primary Cisco Secure ACS and a secondary Cisco Secure ACS, provided that it is not configured to be a secondary Cisco Secure ACS to a Cisco Secure ACS for which it performs as a primary Cisco Secure ACS.

NOTE:

Bidirectional replication, wherein a Cisco Secure ACS both sends database components to and receives database components from the same remote Cisco Secure ACS, is not supported. Replication fails if a Cisco Secure ACS is configured to replicate to and from the same Cisco Secure ACS.

NOTE:

All Cisco Secure ACSs involved in replication must run the same release of the Cisco Secure ACS software. It is strongly recommended that Cisco Secure ACSs involved in replication use the same patch level as well.
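
A pre-deployment check for the two rules in the notes above, written as an added example that is not part of the original Cisco documentation. Server names, release strings and patch levels are constructed sample data, and the function name is hypothetical.

```python
# Added example: validate a planned ACS replication topology before configuring it.
# A link is (primary, secondary). All names and version strings are constructed.

def check_replication_plan(servers, links):
    """servers: {name: (release, patch)}; links: set of (primary, secondary).
    Returns (errors, warnings): errors would make replication fail or are
    unsupported; warnings are deviations from the recommendation."""
    errors, warnings = [], []

    # Rule 1: a server may be primary and secondary, but never both
    # toward the same partner (bidirectional replication is unsupported).
    for primary, secondary in sorted(links):
        if (secondary, primary) in links and primary < secondary:
            errors.append(f"{primary} <-> {secondary}: bidirectional replication")

    # Rule 2: every server involved must run the same release;
    # the same patch level is recommended, so a difference is a warning.
    involved = sorted({name for link in links for name in link})
    for name in involved:
        if name not in servers:
            errors.append(f"{name}: release unknown")
    known = [n for n in involved if n in servers]
    if len({servers[n][0] for n in known}) > 1:
        detail = ", ".join(f"{n}={servers[n][0]}" for n in known)
        errors.append(f"release mismatch: {detail}")
    elif len({servers[n][1] for n in known}) > 1:
        detail = ", ".join(f"{n}={servers[n][1]}" for n in known)
        warnings.append(f"patch level mismatch: {detail}")
    return errors, warnings


# Constructed inventory: (release, patch) per server.
SERVERS = {
    "acs-hq": ("rel-A", "p1"), "acs-east": ("rel-A", "p1"),
    "acs-west": ("rel-A", "p2"), "acs-lab": ("rel-B", "p1"),
}
# Cascade hq -> east -> west: east is both secondary and primary, which is allowed.
PLAN_OK = {("acs-hq", "acs-east"), ("acs-east", "acs-west")}
# east replicates back to hq (unsupported) and a rel-B server is included.
PLAN_BAD = {("acs-hq", "acs-east"), ("acs-east", "acs-hq"), ("acs-east", "acs-lab")}

if __name__ == "__main__":
    for label, plan in (("PLAN_OK", PLAN_OK), ("PLAN_BAD", PLAN_BAD)):
        errs, warns = check_replication_plan(SERVERS, plan)
        print(label, "errors:", errs, "warnings:", warns)
```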

RDBMS Synchronization
The RDBMS Synchronization feature enables the administrator to update the CiscoSecure user database with information from an ODBC-compliant data source. The ODBC-compliant data source can be the RDBMS database of a third-party application. It can also be an intermediate file or database that a third-party system updates. Regardless of where the file or database resides, Cisco Secure ACS reads the file or database via the ODBC connection. RDBMS Synchronization supports addition, modification, and deletion for all data items it can access.

Synchronization can be configured to occur on a regular schedule, or manually on demand.

Synchronization performed by a single Cisco Secure ACS can update the internal databases of other Cisco Secure ACSs, so RDBMS Synchronization only needs to be configured on one Cisco Secure ACS. Cisco Secure ACSs listen on TCP port 2000 for synchronization data. RDBMS Synchronization communication is encrypted using a 128-bit proprietary encryption algorithm.

RDBMS Synchronization Components
The RDBMS Synchronization feature comprises two components:

  • CSDBSync – A dedicated Windows service that performs automated user and group account management services for Cisco Secure ACS.
  • accountActions Table – The data object that holds information used by CSDBSync to update the CiscoSecure user database.

ODBC Import Definitions
Cisco Secure ACS supports the import of data from ODBC-compliant databases, such as Microsoft Access or Oracle. Importing is done using a single table to import information into one or more ACS servers.

The CSAccupdate service processes the table and updates local/remote ACS installations according to its configuration.