Migration Guide for the Cisco Secure Access Control System 5.0
Migration Setup and Installation
Downloads: This chapterpdf (PDF - 142.0KB) The complete bookPDF (PDF - 3.44MB) | Feedback

Migration Setup and Installation

Table Of Contents

Migration Setup and Installation

Migration Preinstallation Considerations

System Requirements

Migration Software Accessory Kit DVD and CDs

Accessing the Migration Utility

Migration Utility Packaging

Data Migration and Deployment Scenarios

Guidelines for Data Migration in a Single ACS Server

Guidelines for Data Migration in a Distributed Environment

Data Migration Between Platforms


Migration Setup and Installation


This chapter describes the migration considerations for each machine in the migration process and contains:

Migration Preinstallation Considerations

System Requirements

Migration Software Accessory Kit DVD and CDs

Accessing the Migration Utility

Data Migration and Deployment Scenarios

Data Migration Between Platforms

Migration Preinstallation Considerations

Before you begin, ensure that you configure your environment for migration. In addition to your ACS 4.x Windows source machine, you must deploy an ACS 4.x migration machine and an ACS 5.0 target Linux machine. Keep in mind the following considerations:

Ensure that the ACS 4.x database does not have any database corruption issues.

Ensure that you configure the ACS 4.x migration machine for a single IP address. Migration fails on a migration machine with multiple IP address aliases per interface.

Perform a full database backup on the ACS 4.x Windows source machine. Use this machine to maintain your ACS 4.x data. For database backup instructions, refer to the Installation Guide for Cisco Secure ACS for Windows 4.1.

The migration machine should have the same 4.x version as the source machine. You should back up the ACS 4.x version you wish to migrate on the 4.x Windows source machine and restore the same 4.x version on the migration machine. The restore fails if the migration machine does not have the same 4.x version as the source machine. Refer to the Installation Guide for Cisco Secure ACS for Windows 4.1.

ACS 4.x and 5.0 support multiple ACS instances; however, the migration program only supports migration from one instance. Therefore, you should back up the ACS instance you wish to migrate on the 4.x Windows source machine and restore it on the migration machine. If the 4.x Windows source machine uses EAP-FAST, then the selected ACS instance will contain the EAP-FAST master keys and include all the users and devices.

Restore data from the ACS 4.x Windows source machine to the migration machine. The migration machine is a Windows platform running ACS 4.x. Use this machine solely for the purposes of migration. The migration machine cannot be an appliance machine.


Note Use the migration machine when you make any changes to the ACS 4.x data.


Perform a full database backup on the ACS 5.0 target machine. The target machine is a Linux platform running ACS 5.0. Use this machine to process the imported data. For database backup instructions, refer to the Command Line Interface Reference Guide for the Cisco Secure Access Control System 5.0.

Ensure that you:

Install ACS 5.0 on the target machine.

Use a compatible ACS 5.0 license.

Establish network connection between the migration machine and ACS 5.0 server.

Back up your ACS 5.0 database before you run the Import phase.

Enable the migration interface on the ACS 5.0 server.

System Requirements

Your ACS machines must meet the system requirements described in Table 3-1. All documents are available on Cisco.com.

Table 3-1 System Requirements for Migration Machines 

Platform
Requirements

ACS 4.x source machine

Refer to the Installation Guide for Cisco Secure ACS for Windows 4.1.

ACS 4.x migration machine

Refer to the Installation Guide for Cisco Secure ACS for Windows 4.1.

You must have 2 GB of RAM.

Note Ensure that you configure the ACS 4.x migration machine for a single IP address. Migration fails on a migration machine with multiple IP address aliases per interface.

ACS 5.0 target machine

Refer to the following:

Installation and Setup Guide for ACS 5.0

Cisco Application Deployment Engine (ADE) 1010 and 2120 Series Appliance Hardware Installation Guide.

Cisco Application Deployment Engine (ADE) 2130 and 2140 Series Appliance Hardware Installation Guide.


Migration Software Accessory Kit DVD and CDs

Table 3-2 describes the migration software accessory kit DVD and CDs.

Table 3-2 Migration Software Accessory Kit DVD and CDs 

Migration DVD/CDs
Description
Part Number

Cisco Secure Access Control System - Installation and Recovery DVD, Version 5.0

Use this DVD to:

Install VMware

Recover the ACS 5.0 appliance

Reset the password

Access documentation PDFs

80-9270-01

Cisco Secure ACS for Windows - Version 4.1 Software CD (for migration - includes ACS 4.1.1.23, 4.1.1.24, 4.1.3, 4.1.4)

Use this CD to:

Install the migration server if you are running one of the following ACS versions:

4.1.1.23

4.1.1.24

4.1.3

4.1.4

Upgrade the server to ACS 4.1.1 before migration.

80-9271-01

Cisco Secure ACS for Windows - Version 4.2 Software CD (for migration - includes 4.2.0.124

Use this CD to install the migration server if you are running ACS 4.2.

80-9272-01

Cisco Secure ACS Solution Engine - Version 4.1 Upgrade CD (includes ACS 4.1.1.24)

Use this CD to upgrade the ACS Solution Engine (SE) to ACS 4.1.1 prior to migration.

80-9273-01


Accessing the Migration Utility

To access the Migration Utility, download it from the ACS 5.0 web interface.

To download migration application files:


Step 1 Choose System Administration > Downloads > Migration Utility.

The Migration from 4.x page appears.

Step 2 Click Migration application files to download migration.zip, which contains the application files you use to run the Migration Utility.


Related Topics

Migration Software Accessory Kit DVD and CDs

Chapter 4, "Migrating Data from ACS 4.x to ACS 5.0"

Migration Utility Packaging

The zip file migration.zip contains the Migration Utility files. Extract this file to a migration directory. This document uses the migration directory structure shown in Figure 3-1.

Figure 3-1 Migration Utility Directory Structure

Related Topics

Migration Software Accessory Kit DVD and CDs

Accessing the Migration Utility

Chapter 4, "Migrating Data from ACS 4.x to ACS 5.0"

Data Migration and Deployment Scenarios

The Migration Utility migrates ACS 4.x objects to ACS 5.0. The process of data migration in a single ACS appliance differs from that of ACS appliances in a distributed environment. This section contains:

Guidelines for Data Migration in a Single ACS Server

Guidelines for Data Migration in a Distributed Environment

Guidelines for Data Migration in a Single ACS Server

If you have a single ACS appliance in your environment (or several ACS appliances, but not in a distributed setup), run the Migration Utility against the ACS appliance as described in this guide.


Note It is recommended that you restart your ACS appliance after data migration is complete. For instructions to verify that migration is complete, see Validating Import, 4-26.


Guidelines for Data Migration in a Distributed Environment

If you run ACS in a distributed environment (for example, if you have one primary ACS appliance and one or more secondary ACS appliances that interoperate with the primary ACS), you must:

1. Unregister all the secondary ACS appliances from the primary ACS.

2. Run the Migration Utility against the primary ACS appliance.


Note When you run the Migration Utility, the primary ACS appliance should not have any secondary ACS appliances connected to it.


3. After data migration is complete, restart the primary ACS appliance. For instructions to verify that migration is complete, see Validating Import, 4-26.

4. Register all the secondary ACS appliances with the primary ACS. The primary ACS updates the secondary appliances with the migrated data during registration.


Note The Migration Utility runs for approximately 12 hours to migrate 100,000 users, 25,000 devices, and other ACS 4.x objects. When you restart ACS 5.0, the startup process takes about 15 minutes before ACS 5.0 is available for use. The behavior of ACS 5.0 for data migration beyond 100,000 users and 25,000 devices is unknown.


Data Migration Between Platforms

Figure 3-2 shows the data migration flow between platforms. Refer to Chapter 4, "Migrating Data from ACS 4.x to ACS 5.0."

Figure 3-2 Migration Flow Between Platforms