User Guide for the Cisco Secure Access Control System 5.0
Configuring System Operations
Downloads: This chapterpdf (PDF - 319.0KB) The complete bookPDF (PDF - 12.93MB) | Feedback

Configuring System Operations

Table Of Contents

Configuring System Operations

Understanding Distributed Deployment

Activating Secondary Servers

Removing Secondary Servers

Promoting a Secondary Server

Understanding Local Mode

Understanding Full replication

Specifying a Hardware Replacement

Syncing Primary and Secondary Instances After Backup and Restore

Editing Instances

Editing a Primary Instance

Editing a Secondary Instance

Deleting a Secondary Instance

Activating or Deactivating a Secondary Instance

Registering a Secondary Instance to a Primary Instance

Deregistering Secondary Instances from the Distributed System Management Page

Deregistering a Secondary Instance from the Join a Distributed System Page

Promoting a Secondary Instance from the Distributed System Management Page

Promoting a Secondary Instance from the Join a Distributed System Page

Replicating a Secondary Instance from a Primary Instance

Replicating a Secondary Instance from the Distributed System Management Page

Replicating a Secondary Instance from the Join a Distributed System Page

Using the Join a Distributed System Page to Create a Local Mode Instance

Applying Local Software Updates

Creating, Duplicating, Editing, and Deleting Software Repositories

Creating, Duplicating, Editing, and Deleting a Software File or Patch

Applying a Software Update to the ACS Instance

Managing Software Repositories from the Web Interface and CLI

Viewing Configuration Changes

Viewing Sequence Data for Transactions

Viewing Sequence Data Details


Configuring System Operations


You can configure and deploy ACS instances so that one ACS instance becomes the primary instance and the other ACS instances can be registered to the primary as secondary instances. An ACS instance represents ACS software that runs on a network. An ACS deployment may consist of a single instance, or multiple instances deployed in a distributed manner, where all instances in a system are managed centrally. All instances in a system will have an identical configuration.

Use the Distributed System Management page to manage all the instances in a deployment. You can only manage instances from the primary instance. You can invoke the Join a Distributed System page from any instance in the deployment but it only controls the operations on the local server.


Note You can register any primary instance or any secondary instance to another primary instance; however, the primary instance you wish to register cannot have any secondary instances registered to it.


The primary instance, created as part of the installation process, centralizes the configuration of the registered secondary instances. Configuration changes made in the primary instance are automatically replicated to the secondary instance. You can force a full replication to the secondary instance if configuration changes do not replicate to the secondary instance.

Related Topic

Understanding Distributed Deployment

Understanding Distributed Deployment

You can configure multiple ACS servers in a deployment. Within any deployment, you designate one server as the primary server and all the other servers are secondary servers. In general, you make configuration changes on the primary server only, and the changes are propagated to all secondary servers, which can then view the configuration data as read-only data. A small number of configuration changes can be performed on a secondary server, including configuration of the server certificate, and these changes remain local to the server.

There is no communication between the secondary servers. Communication happens only between the primary server and the secondary servers. The secondary servers do not know the status of the other secondaries in their deployment.

ACS allows you to deploy an ACS instance behind a firewall.

Table 15-1 lists the ports that must be open on the firewall for you to access ACS through the various management interfaces.

Table 15-1 Ports to Open in Firewalls

Service
Port

ACS Web Interface/Web Service

443

Database replication

2638

Replication over the Message Bus

61616

RMI

2020 (for RMI registry service)

2030 (for incoming calls)

SNMP (for request)

UDP 161

SNMP (for notifications)

UDP 162

SSH

22


The Distributed System Management page can be used to monitor the status of the servers in a deployment and perform operations on the servers.

Related Topics

Activating Secondary Servers

Removing Secondary Servers

Promoting a Secondary Server

Understanding Local Mode

Understanding Full replication

Specifying a Hardware Replacement

Activating Secondary Servers

To add a server to a deployment, you must perform two steps:

1. From the secondary server, issue a request to register on the primary by selecting the option to Join a Distributed System.

2. Activate the secondary instance on the primary. You must activate the secondary instance on the primary instance in order for the secondary instance to receive configuration information; this provides a mechanism of admission control. However, there is an option to automatically activate newly added secondary instances, rather than performing a manual activation request.

Related Topics

Removing Secondary Servers

Promoting a Secondary Server

Understanding Local Mode

Understanding Full replication

Specifying a Hardware Replacement

Removing Secondary Servers

To permanently removed a secondary server from a deployment, you must first deregister the secondary server and then delete it from the primary. You can make the request to deregister a server from either the secondary server to be deregistered or from the primary server.

Related Topics

Activating Secondary Servers

Understanding Distributed Deployment

Promoting a Secondary Server

There can be one server only that is functioning as the primary server. However, you can promote a secondary server so that is assumes the primary role for all servers in the deployment. The promotion operation is performed either on the secondary server that is to assume the primary role or on the primary server.

Related Topics

Activating Secondary Servers

Removing Secondary Servers

Understanding Local Mode

Understanding Full replication

Understanding Local Mode

If the primary server is unreachable from a secondary server (for example, there is a network disconnection) and a configuration change must be made to a secondary server, you can specify that the secondary server go into Local Mode. In Local Mode, you can make changes to a single ACS instance through the local web interface, and the changes take affect on that instance only.

When the connection to the primary server resumes, you can reconnect the disconnected secondary instance in Local Mode to the primary server. From the secondary instance in Local Mode, you specify the Admin username and password to reconnect to the primary instance. All configuration changes made while the secondary server was in Local Mode are lost.

Related Topics

Activating Secondary Servers

Understanding Full replication

Understanding Full replication

Under normal circumstances, each configuration change is propagated to all secondary instances. Unlike ACS 4.x where full replication was performed, in ACS 5.0, only the specific changes are propagated. As configuration changes are performed, the administrator can monitor (on the Distributed System Management page) the status of the replication and the last replication ID to ensure the secondary server is up to date.

If configuration changes are not being replicated as expected, the administrator can request a full replication to the server. When you request full replication, the full set of configuration data is transferred to the secondary server to ensure the configuration data on the secondary server is re synchronized.


Note Replication happens over port 61616.


Related Topics

Activating Secondary Servers

Promoting a Secondary Server

Understanding Local Mode

Specifying a Hardware Replacement

You can perform a hardware replacement to allow new or existing ACS instance hardware to re-register to a primary server and take over an existing configuration already present in the primary server. This is useful when an ACS instance fails and needs physical replacement. There are three steps required to perform the hardware replacement procedure:

1. From the web interface of the primary instance, you must mark the server to be replaced as inactive and deregistered.

2. From the secondary server, register to the primary server. In addition to the standard admin credentials for connecting to the primary server (username/password), you must specify the replacement keyword used to identify the configuration in the primary server. The keyword is the hostname of the instance that is to be replaced.

3. You must active the secondary server on the primary, either automatically or by issuing a manual request.

Related Topics

Editing a Primary Instance

Editing a Secondary Instance

Activating or Deactivating a Secondary Instance

Registering a Secondary Instance to a Primary Instance

Deregistering Secondary Instances from the Distributed System Management Page

Promoting a Secondary Instance from the Distributed System Management Page

Using the Join a Distributed System Page to Create a Local Mode Instance

Syncing Primary and Secondary Instances After Backup and Restore

When you specify that a system backup is restored on a primary instance, the secondary instance is not updated to the newly restored database that is present on the primary instance.

To make sure the secondary instance is updated, from the secondary instance, you need to request a hardware replacement to rejoin the restored primary instance. First, you must deregister the secondary instance from the primary instance. From the web interface of the secondary instance, select Systems Administration > Operations > Local Operation > Join a Distributed System, then click Deregister from Primary. After this step, you can perform the hardware replacement of the secondary instance to the primary instance again by selecting Systems Administration > Operations > Local Operation > Join a Distributed System, specify the primary hostname or IP address, the admin credential, select Hardware Replacement, specify the hostname of the secondary instance, then click Register to Primary.

Editing Instances

When you select System Administration > Operations > Distributed System Management, you can edit either the primary or secondary instance.

Editing a Primary Instance

Editing a Secondary Instance

Editing a Primary Instance


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To edit a primary instance:


Step 1 Select System Administration > Operations > Distributed System Management.

The Distributed System Management page appears with two tables:

Primary Instance tableShows the primary instance.


Note The primary instance is created as part of the installation process.


Secondary Instances tableShows a listing and the status of the secondary instances. See Editing a Secondary Instance for more information.

The Distributed System Management Page displays the information described in Table 15-2:

:

Table 15-2 Distributed System Management Page   

Option
Description
Primary Instance

Name

The hostname of the primary instance.

IP Address

The IP address of the primary instance.

Online Status

Indicates if the primary instance is online or offline. A check mark indicates that the primary instance is online; x indicates that the primary instance is offline.

Replication ID

The transaction ID that identifies the last configuration change on the primary instance. This value increases by 1 for every configuration change. Valid values are 1 to infinity.

Last Update

Timestamp of the last database configuration change. The timestamp is in the form hh:mm dd:mm:yyyy.

Version

The current version of the ACS software running on the primary ACS instance. Valid values can be the version string or, if a software upgrade is initiated, Upgrade in progress.

Description

A description of the primary instance.

Secondary Instances

Name

The hostname of the secondary instance.

IP Address

The IP address of the secondary instance.

Online Status

Indicates if the secondary instance is online or offline. A check mark indicates that the secondary instance is online; x indicates that the secondary instance is offline.

Replication Status

Replication status values are:

UPDATEDReplication is complete on the secondary instance. Both Management and Runtime services are current with configuration changes from the primary instance.

PENDING—Request for full replication has been initiated.

REPLICATING—Replication from the primary to the secondary is processing.

N/ANo replication on primary instance.

Replication Time

Timestamp of the last replication. The timestamp is in the form hh:mm dd:mm:yyyy.

Version

The current version of the ACS software running on the secondary ACS instance. If a software update is initiated, the values can be:

Pending

Downloading

Installing

Rebooting

Snapshot

Description

A description of the secondary instance.

Activate

Enable the secondary instance to receive configuration updates from the primary instance.

Deactivate

Disables the secondary instance from the primary instances and does not receive configuration updates from the primary instance.

Deregister1

Disconnects the secondary instance from the primary instance. Stops the secondary instance from receiving configuration updates from the primary instance.

Note When full replication is in progress on an instance, do not attempt to deregister that instance. Wait until the full replication is complete and the secondary instance is restarted before you deregister the secondary instance.

Promote

Requests to promote a secondary instance to the primary instance. All updates to the current primary instance are stopped so that all replication updates can complete. The secondary instance gets primary control of the configuration when the replication updates complete.

Note The secondary instance must be active before you can promote it to the primary instance.

Full Replication

Replicates the primary instance's database configuration for the secondary instance. ACS is restarted.

Note When full replication is in progress on an instance, do not attempt to deregister that instance. Wait until the full replication is complete and the secondary instance is restarted before you deregister the secondary instance.

1 Deregistration does not restart ACS. Registration and Full Replication restart ACS because the database is replaced.


Step 2 From the Primary Instance table, click the primary instance that you want to modify; or, check the Name check box and click Edit.

Step 3 Complete the fields in the Distributed System Management Properties page as described inTable 15-3:

Table 15-3 Distributed System Management Properties Page   

Option
Description
Instance Data

Hostname

The name of the ACS host machine.

Launch Session for Local GUI (only applies to Secondary Instances)

Click this button to launch a new instance of the selected ACS machine. You are required to log in to the primary or secondary instance.

Role

Specifies a primary or secondary instance or Local.

IP Address

The IP address of the primary or secondary instance.

Port

The port for Management service.

MAC Address

MAC address for the instance.

Description

A description of the primary or secondary instance.

Check Secondary Every

The rate at which the primary instance sends a heartbeat status request to the secondary instance. The default value is 60 seconds. The minimum value is 30 seconds and the maximum value is 30 minutes.

Statistics Polling Period

The rate at which the primary instance polls the secondary instance for statistical and logging information. The default value is 60 seconds. The minimum value is 60 seconds; however, you can specify a value of 0 which indicates to turn off polling and logging. The maximum value is 30 minutes.

Enable Auto Activation for Newly Registered Instances

Check this check box to automatically activate the registered secondary instance.

Instance Status
Primary Settings (only applies to primary instances)

Status

Indicates if the primary instance or secondary instance is online or offline.

Version

The current version of the ACS software.

Last Replication Time

Timestamp of the last database configuration change. The timestamp is in the form hh:mm dd:mm:yyyy.

Last Replication ID

The transaction ID that identifies the last configuration change on the primary instance. This value increases by 1 for every configuration change. Valid values are 1 to infinity.

Check Secondary every

Specifies the value, in seconds, to check the secondary instance for replication. The minimum value is 30 seconds. There is no maximum value.

Replication Status (only applies to secondary instances)

Replication Status

Replication status values are:

UPDATEDReplication is complete on ACS instance. Both management and runtime services are current with configuration changes from the primary instance.

PENDING—Request for full replication has been initiated.

REPLICATING—Replication from the primary to the secondary is processing.

N/ANo replication on primary instance.

Last Replication Time

Timestamp of the last replication. The timestamp is in the form hh:mm dd:mm:yyyy.

Primary Replication ID

The transaction ID that identifies the last configuration change on the primary instance. This value increases by 1 for every configuration change. Valid values are 1 to infinity.


Step 4 Click Submit.

The Primary Instance table on the Distributed System Management page appears with the edited primary instance.


Related Topics

Replicating a Secondary Instance from a Primary Instance

Editing a Secondary Instance

Editing a Secondary Instance


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To edit a secondary instance:


Step 1 Select System Administration > Operations > Distributed System Management.

The Distributed System Management page appears with two tables:

Primary Instance tableShows the primary instance.

Secondary Instances tableShows a listing and the status of the secondary instances registered to the primary instance.

See Table 15-2 to view column definitions.

Step 2 From the Secondary Instances table, click the secondary instances that you want to modify; or, check the check box for the Name and click Edit.

Step 3 Complete the fields in the Distributed System Management Properties page as described inTable 15-3.

Step 4 Click Submit.

The Secondary Instances table on the Distributed System Management page appears with the edited secondary instance.


Deleting a Secondary Instance


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To delete a secondary instance:


Step 1 Select System Administration > Operations > Distributed System Management.

The Secondary Instances table on the Distributed System Management page appears with a list of secondary instances.

Step 2 Deregister the secondary instance you wish to delete. Refer to Deregistering Secondary Instances from the Distributed System Management Page.

Step 3 Check one or more check boxes next to the secondary instances that you want to delete.

Step 4 Click Delete.

The following error message appears:

Are you sure you want to delete the selected item/items?

Step 5 Click OK.

The Secondary Instances table on the Distributed System Management page appears without the deleted secondary instance(s).


Activating or Deactivating a Secondary Instance


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To activate or deactivate a secondary instance:


Step 1 Select System Administration > Operations > Distributed System Management.

The Distributed System Management page appears with two tables:

Primary Instance tableShows the primary instance.

Secondary Instances tableShows a listing and the status of the secondary instances registered to the primary instance.

See the Table 15-2 to view column descriptions.

Step 2 From the Secondary Instances table, check the check box next to the secondary instances that you want to activate or deactivate.

Step 3 Click Activate or Deactivate.

Step 4 The Secondary Instances table on the Distributed System Management page appears with the activated or deactivated secondary instance. See the Table 15-3 for valid field options.


Related Topics

Editing a Secondary Instance

Deleting a Secondary Instance

Replicating a Secondary Instance from a Primary Instance

Registering a Secondary Instance to a Primary Instance

Deregistering a Secondary Instance from the Join a Distributed System Page

Promoting a Secondary Instance from the Distributed System Management Page

Using the Join a Distributed System Page to Create a Local Mode Instance

Registering a Secondary Instance to a Primary Instance


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To register a secondary instance to a primary instance:


Step 1 Select System Operations > Operations > Local Operations > Join a Distributed System.

The Join a Distributed System page appears, displaying the information described in Table 15-4:

.

Table 15-4 System Operations: Join a Distributed System Page   

Option
Description
Instance Status

Current Status

Identifies the instance of the node you log into as primary or secondary, and identifies whether you are running in local mode.

Primary Instance

The hostname of the primary instance.

Primary IP

The IP address of the primary instance.

Registration

Primary Instance

The hostname of the primary server that you wish to register with the secondary instance.

Port

The external port. Use only if behind a NAT Firewall.

Admin Username

Username of an administrator account.

Admin Password

The password for the administrator account.

Hardware Replacement

Check to enable a new or existing ACS instance hardware to re-register to a primary instance and acquire the existing configuration already present in the primary instance. This is useful when an instance fails and needs physical replacement.

Recovery Keyword

The name of the instance that is to be replaced. This value is the hostname of the system that is being replaced. After you submit this information, this instance connects to the primary instance. The primary instance finds the associated ACS instance records based on the keyword, and marks each record as registered.

Register to Primary

Connects to the remote primary and registers the secondary instance to the primary instance.

Local Mode (only active for an instance running in Local Mode)

Admin Username

Username of an administrator account

Admin Password

The password for the administrators account.

View Configuration Changes

Click this button to display the View Configuration Changes Page. This page details the configuration changes made on the local mode instance.

Save Configuration Change Report

Click this button to open or download the Configuration Change Report. This report details the configuration changes made on the local mode instance.

Reconnect

Click the button to reconnect to the primary instance.


Caution Once you reconnect to the primary instance you will lose the configuration changes you made to the local secondary instance.

You must manually restore the configuration information for the primary instance. You can use the configuration information on the View Configuration Changes Page or the Configuration Change Report to manually restore the configuration information for the primary instance.

Deregistration

Deregister from Primary

Deregisters the secondary from the primary instance. The secondary instance retains the database configuration from when it was deregistered. All nodes are marked as deregistered and inactive, and the secondary instance becomes the primary instance.

Note When full replication is in progress on an instance, do not attempt to deregister that instance. Wait until the full replication is complete and the secondary instance is restarted before you deregister the secondary instance.

Promotion

Promote to Primary

Request to promote a secondary instance to primary instance. All updates to the current primary instance are stopped so that all replication updates can complete. The secondary instance gets primary control of the configuration when the replication updates complete.

Local Mode

Request Local Mode

Request to place the secondary instance in local mode. This enables administrators to make configuration changes only to this instance. Any changes made to the secondary instance are not automatically updated when you reconnect to the primary instance. You must manually enter your changes for the secondary instance.

Replication

Force Full Replication

Replicates the primary instance's database configuration for the secondary instance.

Note When full replication is in progress on an instance, do not attempt to deregister that instance. Wait until the full replication is complete and the secondary instance is restarted before you deregister the secondary instance.


Step 2 Specify the appropriate values in the Registration section.

Step 3 Click Register to Primary.

The system displays the following error message:

This operation will register this ACS Instance as a secondary to the specified Primary Instance. ACS will be restarted. You will be required to login again. Do you wish to continue?

Step 4 Click OK.


Note When you register a secondary to a primary instance, you can use any account created on the primary instance. The credentials that you create on the primary instance are applied to the secondary instance.


Step 5 Log in to the ACS machine after restart.

Step 6 Select System Administration > Operations > Local Operations > Join a Distributed System.

The Join a Distributed System page appears with the secondary instance registered to the primary instance.


Deregistering Secondary Instances from the Distributed System Management Page


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To deregister secondary instances from the Distributed System Management page:


Step 1 Select System Administration > Operations > Distributed System Management.

The Distributed System Management page appears.

Step 2 From the Secondary Instances table, check one of check boxes next to the secondary instances that you want to deregister.

Step 3 Click Deregister.

The system displays the following error message:

This operation will deregister this server as a secondary with the primary server. ACS will be restarted. You will be required to login again. Do you wish to continue?

Step 4 Click OK.

Step 5 Log in to the ACS machine.

Step 6 Select System Administration > Operations > Distributed System Management.

The Distributed System Management page appears with the secondary instance deregistered from the primary instance.


Related Topics

Editing a Secondary Instance

Deleting a Secondary Instance

Activating or Deactivating a Secondary Instance

Deregistering a Secondary Instance from the Join a Distributed System Page

Promoting a Secondary Instance from the Distributed System Management Page

Using the Join a Distributed System Page to Create a Local Mode Instance

Deregistering a Secondary Instance from the Join a Distributed System Page


Note In this case, the secondary instance is the local machine you are logged in to.



Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To deregister a secondary instance from the Join a Distributed System page:


Step 1 Select System Administration > Operations > Local Operations > Join a Distributed System.

The Join a Distributed System page appears with the secondary instance that you are logged in to. See Table 15-4 for valid field options.

Step 2 Click Deregister from Primary.

The system displays the following error message:

This operation will deregister this server as a secondary with the primary server. ACS will be restarted. You will be required to login again. Do you wish to continue?

Step 3 Click OK.

Step 4 Log in to the ACS machine.

Step 5 Select System Administration > Operations > Local Operations > Join a Distributed System.

The Join a Distributed System page appears with the secondary instance you were logged in to deregistered from the primary instance.


Related Topics

Editing a Secondary Instance

Deleting a Secondary Instance

Activating or Deactivating a Secondary Instance

Deregistering Secondary Instances from the Distributed System Management Page

Promoting a Secondary Instance from the Distributed System Management Page

Using the Join a Distributed System Page to Create a Local Mode Instance

Promoting a Secondary Instance from the Distributed System Management Page


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To promote a secondary instance to a primary instance from the Distributed System Management page:


Step 1 Select System Administration > Operations > Distributed System Management.

The Distributed System Management page appears. See Table 15-2 for valid field options.

Step 2 From the Secondary Instances table, check the box next to the secondary instance that you want to promote to a primary instance.

Step 3 Click Promote.

The Distributed System Management page appears with the promoted instance.


Related Topics

Editing a Secondary Instance

Deleting a Secondary Instance

Activating or Deactivating a Secondary Instance

Deregistering Secondary Instances from the Distributed System Management Page

Using the Join a Distributed System Page to Create a Local Mode Instance

Promoting a Secondary Instance from the Join a Distributed System Page


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To promote a secondary instance to a primary instance from the Join a Distributed System page:


Step 1 Select System Administration > Operations > Distributed System Management.

The Join a Distributed System page appears. See the Table 15-4 for valid field options.

Step 2 Register the secondary instance to the primary instance. See Registering a Secondary Instance to a Primary Instance.

Step 3 Select System Administration > Operations > Distributed System Management.

The Join a Distributed System page appears.

Step 4 Check the box next to the secondary instance that you want to promote to a primary instance.

Step 5 Click Promote to Primary.

The Distributed System Management page appears with the promoted instance.


Related Topics

Editing a Secondary Instance

Deleting a Secondary Instance

Replicating a Secondary Instance from a Primary Instance

Activating or Deactivating a Secondary Instance

Deregistering Secondary Instances from the Distributed System Management Page

Promoting a Secondary Instance from the Distributed System Management Page

Using the Join a Distributed System Page to Create a Local Mode Instance

Replicating a Secondary Instance from a Primary Instance

You can use two different pages to replicate a secondary instance:

Replicating a Secondary Instance from the Distributed System Management Page

Replicating a Secondary Instance from the Join a Distributed System Page


Note For more information on replication, see ACS 4.x and 5.0 Replication, page 1-3.


Replicating a Secondary Instance from the Distributed System Management Page


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.



Note All ACS appliances must be in sync with the AD domain clock.


To replicate a secondary instance:


Step 1 Select System Administration > Operations > Distributed System Management.

The Distributed System Management page appears.

Step 2 From the Secondary Instances table, check one of check boxes next to the secondary instances that you want to replicate.

Step 3 Click Full Replication.

The system displays the following error message:

This operation will force a full replication for this secondary server. ACS will be restarted. You will be required to login again. Do you wish to continue?

Step 4 Click OK.

Step 5 Log in to the ACS machine.

Step 6 Select System Administration > Operations > Distributed System Management.

The Distributed System Management page appears. On the Secondary Instance table, the Replication Status column shows UPDATED. Replication is complete on the secondary instance. Management and runtime services are current with configuration changes from the primary instance.


Replicating a Secondary Instance from the Join a Distributed System Page


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.



Note All ACS appliances must be in sync with the AD domain clock.


To replicate a secondary instance:


Step 1 Select System Administration > Operations > Local Operations > Join a Distributed System.

The Join a Distributed System page appears. See the Table 15-4 for valid field options.

Step 2 Click Force Full Replication.


Note The Force Full Replication button only appears if the secondary instance is the local machine you are logged in to.


The system displays the following error message:

This operation will force a full replication for this secondary server. ACS will be restarted. You will be required to login again. Do you wish to continue?

Step 3 Click OK.

Step 4 Log in to the ACS machine.

Step 5 Select System Administration > Operations > Distributed System Management.

The Distributed System Management page appears. On the Secondary Instance table, the Replication Status column shows UPDATED. Replication is complete on the secondary instance. Management and runtime services are current with configuration changes from the primary instance.


Using the Join a Distributed System Page to Create a Local Mode Instance

When the secondary instance is in local mode it does not receive any configuration changes from the primary instance. The configuration changes you make to the secondary instance are local and do not propagate to the primary instance.


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.



Step 1 Select System Operations > Operations > Local Operations > Join a Distributed System.

The Join a Distributed System page appears. See the Table 15-2 for valid field options.

Step 2 Specify the appropriate values in the Registration section for the secondary instance you want to register.

Step 3 Click Register to Primary.

The system displays the following error message:

This operation will register this ACS Instance as a secondary to the specified Primary Instance. ACS will be restarted. You will be required to login again. Do you wish to continue?

Step 4 Click OK.

Step 5 Log in to the ACS local machine.

Step 6 Select System Administration > Operations > Local Operations > Join a Distributed System.

The Join a Distributed System page appears.

Step 7 Click Request Local Mode.

The secondary instance is now in local mode.


Note Once you reconnect the secondary instance to a primary instance you will lose the configuration changes you made to the local secondary instance. You must manually restore the configuration information for the primary instance. You can use the configuration information on the View Configuration Changes Page or the Configuration Change Report to manually restore the configuration information for this instance. See Viewing Configuration Changes for more information.



Applying Local Software Updates

You can select the local ACS instance to which to apply an upgrade or patch.


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.



Step 1 Select Operations > Local Operations > Local Software Updates.

Step 2 Complete the fields as described in Table 15-5:

Table 15-5 Apply Local Software Updates Page   

Option
Description

Filter

Use to search and filter on page columns:

Name

Version

Software Filename

Description

Match if

Specify the alphanumeric character(s) you wish to use with the filter category.

Name

The name of the software file or patch.

Version

The current version of the ACS software.

Software Repository

The name of the repository location that contains your software update and patch files.

Software Filename

The name of the software update or patch files.

Description

The description of the software update or patch files.


Step 3 Click Apply Software Update.


Creating, Duplicating, Editing, and Deleting Software Repositories


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To create, duplicate, edit, or delete a software repository:


Step 1 Select System Administration > Operations > Software Repositories.

The Software Repositories page appears with the information described in Table 15-6:

Table 15-6 Software Repositories Page   

Option
Description

Name

The name of the software repository.

Protocol

The name of the protocol (DISK, FTP, SFTP, TFTP, NFS) you want to use to transfer the upgrade file.

Server

The name of the server.

URL (Update Path)

The name of the path for the upgrade file. You must specify the protocol and the location of upgrade file; for example, ftp://acs-home/updates.

Description

A description of the software repository.


Step 2 Perform one of these actions:

Click Create.

Check the check box next to the software repository that you want to duplicate and click Duplicate.

Click the software repository that you want to modify; or, check the check box for the name and click Edit.

Check one or more check boxes next to the software repository that you want to delete and click Delete.

The Software Update Repositories Properties Page page appears.

Step 3 Complete the fields in the Software Repositories Properties Page as described in Table 15-7:

Table 15-7 Software Update Repositories Properties Page   

Option
Description
General

Name

Name of the software repository.

Description

Description of the software repository.

Repository Information

URL (Update Path)

Name of the path for the upgrade file. You must specify the protocol and the location of upgrade file. For example ftp://acs-home/updates.

User Credentials

Username

Administrator name.

Password

Administrator password.

Confirm Password

Confirmation of the administrator password.


Step 4 Click Submit.

The new software repository is saved. The Software Repository page appears, with the new software repository that you created, duplicated, or edited.


Related Topics

Creating, Duplicating, Editing, and Deleting a Software File or Patch

Managing Software Repositories from the Web Interface and CLI

Managing Software Repositories from the Web Interface and CLI

Creating, Duplicating, Editing, and Deleting a Software File or Patch


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To create, duplicate, edit, or delete a software image or patch:


Step 1 Select System Administration > Operations > Centralized Software Updates.

The Centralized Software Updates page appears with the information displayed in Table 15-8:

Table 15-8 Centralized Software Updates Page   

Option
Description

Name

The name of the software file or patch.

Version

The current version of the ACS software.

Software Repository

The name of the repository location you wish to store your software update and patch files as well as ACS back up files.

Software Filename

The name of the software update or patch files.

Description

The description of the software update or patch files.


Step 2 Perform one of these actions:

Click Create.

Check the check box next to the software file or patch that you want to duplicate and click Duplicate.

Click the software file or patch that you want to modify; or, check the check box for the Name and click Edit.

Check one or more check boxes next to the software file or patch that you want to delete and click Delete.

The Centralized Software Updates Properties Create page appears.

Step 3 Complete the fields in the Centralized Software Updates Properties Create page as described in Table 15-9:

Table 15-9 Centralized Software Updates Properties Create Page   

Option
Description

Software Update Information

Name

The name of the upgrade or patch file.

Description

Description of the upgrade or patch file.

Is Patch File

Check the check box to apply the patch file.

Backup

Perform Backup of ACS Configurations (Primary)

Check the check box to back up the ACS primary instance configuration data and enable the repository drop-down menu.

Repository

Select the upgrade repository from the Repository drop-down menu.

Perform Backup of Log Collector

Check the check box to back up the ACS log collector data.

Software File Location

Local - Perform software update using local file

Select this radio button to perform the software upgrade from either a client for repository

Retrieve From Client—Activate this radio button to browse for the upgrade file in the Software File field.

Retrieve From Repository—Activate this radio button to browse for the repository and software file you wish to use for the upgrade.

Remote - Perform software update using remote file

Activate this radio button to browse for the remote repository and software file you wish to use for the upgrade.


Step 4 Click Submit.

The new software file or patch is saved. The Centralized Software Updates page appears, with the new software file or patch that you created, duplicated, or edited.


Related Topics

Creating, Duplicating, Editing, and Deleting Software Repositories

Managing Software Repositories from the Web Interface and CLI

Managing Software Repositories from the Web Interface and CLI

Applying a Software Update to the ACS Instance


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To apply a software update to an ACS Instance:


Step 1 Select System Administration > Operations > Centralized Software Updates.

The Centralized Software Updates page appears. See Table 15-8for valid field options.

Step 2 Check the check box next to the software file you want to use for the update.

Step 3 Click Apply Software Update.

The Centralized Software Updates Apply page appears.

Step 4 Complete the fields in the Centralized Software Updates Apply page as described in Table 15-10:

Table 15-10 Centralized Software Updates Apply Page   

Option
Description

Name

The name of the ACS instance you wish to upgrade.

IP Address

The IP address of the ACS instance you wish to upgrade

Role

Specifies the instance type: primary or secondary.

Version

The current version number of the ACS application.

Description

The description of the ACS instance you wish to upgrade.

Apply Software Update

Click this button to apply the software update to the selected instance.

Local - Perform software update using local file

Select this radio button to perform the software upgrade from either a client for repository

Retrieve From Client—Activate this radio button to browse for the upgrade file in the Software File field.

Retrieve From Repository—Activate this radio button to browse for the repository and software file you wish to use for the upgrade.

Remote - Perform software update using remote file

Activate this radio button to browse for the remote repository and software file you wish to use for the upgrade.


Step 5 Check the check box next to the ACS instance you want to update.

Step 6 Click Apply Software Update to update the ACS instance software by using the software file.

The Centralized Software Updates page appears, with the applied software file.


Related Topics

Creating, Duplicating, Editing, and Deleting Software Repositories

Managing Software Repositories from the Web Interface and CLI

Managing Software Repositories from the Web Interface and CLI

You can manage repositories from the web interface or the CLI. Keep in mind the rules for creating or deleting repositories from the web interface or CLI:

If you create a repository from the CLI, that repository is not visible from the web interface, and can only be deleted from the CLI.

If you create a repository from the web interface, it can be deleted from the CLI; however, that repository still exists in the web interface. If you use the web interface to create a repository for a software update, the repository is automatically created again in the CLI.

If you delete a repository using the web interface, it is also deleted in the CLI.

Related Topics

Creating, Duplicating, Editing, and Deleting Software Repositories

Creating, Duplicating, Editing, and Deleting a Software File or Patch

Viewing Configuration Changes


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To view configuration changes on the local mode secondary instance:


Step 1 Register a secondary instance to a primary instance.

Step 2 Set the secondary instance to local mode.

Step 3 Open a new session and log in to the secondary instance.

Step 4 Select choose System Administration > Operations > Local Operations > Join a Distributed System, then click View Configurations Changes.

The Local Mode Transactions page appears with the information described in Table 15-11:

Table 15-11 Local Mode Transactions Page   

Option
Description
Local Transactions

Transaction Identifier

The identifier for the transaction in local mode.

Method Name

The method used to define the transaction.



Related Topics

Using the Join a Distributed System Page to Create a Local Mode Instance

Viewing Sequence Data for Transactions

Viewing Sequence Data for Transactions


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To view transaction details on the local mode secondary instance:


Step 1 Select System Administration > Operations > Local Operations > Join a Distributed System, then select View Configurations Changes > View.

Step 2 Select the radio button for the Transaction Identifier on the Local Mode Transactions page.

Step 3 Click View.

The Sequences for Transaction page appears with the information described in Table 15-12:

Table 15-12 Sequences for Transaction Page   

Option
Description
Transaction Details

Sequence Number

The identifier for the transaction in local mode.

Method Name

The method used to define the transaction.

Object Type

The ACS object type.

Object Name

The ACS object name.



Related Topics

Using the Join a Distributed System Page to Create a Local Mode Instance

Viewing Configuration Changes

Viewing Sequence Data Details

Viewing Sequence Data Details


Note Every ACS administrator account is assigned one or more administrative roles. Depending upon the roles assigned to your account, you may or may not be able to perform the operations or see the options described in the following procedure. See Configuring System Administrators and Accounts, page 14-2 to configure the appropriate administrator privileges.


To view sequence data details on the local mode secondary instance:


Step 1 Select System Administration > Operations > Local Operations > Join a Distributed System > View Configurations Changes > View > View Transaction > View Sequence.

Step 2 Select the radio button for the Transaction Identifier on the Local Mode Transactions page.

Step 3 Click View.

The Sequences for Transaction page appears. See Table 15-12 for field descriptions.

Step 4 Select the radio button for the Sequence Number on the Local Mode Transactions page.

Step 5 Click View.

The Sequence page appears with the information described in Table 15-13:

Table 15-13 View Sequence Page   

Option
Description
Sequence Data

Sequence Number

The sequence number for the transaction.

Transaction ID

The identifier for the transaction.

Method Name

The method used to define the transaction.

Object Class Type

The ACS object class type.

Object Name

The ACS object name.

Attribute Data

Name

The name of the attribute associated with the transaction.

Value

The attribute value associated with the transaction



Related Topics

Using the Join a Distributed System Page to Create a Local Mode Instance

Viewing Configuration Changes

Viewing Sequence Data for Transactions