Migration Guide for the Cisco Secure Access Control System 5.2
Migration Utility Setup and Installation
Downloads: This chapterpdf (PDF - 324.0KB) The complete bookPDF (PDF - 7.87MB) | Feedback

Migration Utility Setup and Installation

Table Of Contents

Migration Utility Setup and Installation

Migration Preinstallation Considerations

System Requirements

Migration Software Accessory Kit DVD and CDs

Security Considerations

Accessing the Migration Utility

Migration Utility Packaging

Data Migration and Deployment Scenarios

Guidelines for Data Migration in a Single ACS Server

Guidelines for Data Migration in a Distributed Environment

Data Migration Between Platforms


Migration Utility Setup and Installation


This chapter describes migration considerations for each machine in the migration process and contains:

Migration Preinstallation Considerations

System Requirements

Migration Software Accessory Kit DVD and CDs

Security Considerations

Accessing the Migration Utility

Data Migration and Deployment Scenarios

Data Migration Between Platforms

Migration Preinstallation Considerations

Before you begin, ensure that you configure your environment for migration. In addition to your ACS 4.x Windows source machine, you must deploy an ACS 4.x migration machine and an ACS 5.2 target machine. Keep in mind the following considerations:

Ensure that the ACS 4.x database does not have any database corruption issues.

Ensure that you configure the ACS 4.x migration machine for a single IP address. Migration fails on a migration machine with multiple IP address aliases per interface.

Perform a full database backup on the ACS 4.x Windows source machine. Use this machine to maintain your ACS 4.x data. Restore the backed-up data to an additional ACS 4.x migration machine and fix issues before importing the data to the ACS 5.2 machine.

For database backup instructions, refer to the Installation Guide for Cisco Secure ACS for Windows 4.1.

The migration machine should have the same 4.x version as the source machine. You should back up the ACS 4.x version you wish to migrate on the 4.x Windows source machine and restore the same 4.x version on the migration machine. The restore fails if the migration machine does not have the same 4.x version as the source machine.

Refer to the Installation Guide for Cisco Secure ACS for Windows 4.1.

Restore data from the ACS 4.x Windows source machine to the migration machine. The migration machine is a Windows platform running ACS 4.x. Use this machine solely for the purpose of migration. The migration machine cannot be an appliance machine.


Note Use the migration machine when you make any changes to the ACS 4.x data.


Perform a full database backup on the ACS 5.2 target machine. Use this machine to process the imported data. For database backup instructions, refer to the Command Line Interface Reference Guide for the Cisco Secure Access Control System 5.2.

Ensure that you:

Install ACS 5.2 on the target machine.

Use a compatible ACS 5.2 license.

Establish network connection between the migration machine and ACS 5.2 server.

Back up your ACS 5.2 database before you run the Import phase.

Enable the migration interface on the ACS 5.2 server. For more information on how to enable the migration interface and run the Migration Utility, refer to Chapter 6 "Using the Migration Utility to Migrate Data from ACS 4.x to ACS 5.2".

System Requirements

Your ACS machines must meet the system requirements described in Table 5-1. All documents are available on Cisco.com.

Table 5-1 System Requirements for Migration Machines 

Platform
Requirements

ACS 4.x source machine

Refer to the Installation Guide for Cisco Secure ACS for Windows 4.1.

ACS 4.x migration machine

Refer to the Installation Guide for Cisco Secure ACS for Windows 4.1.

The machine must have 2 GB of RAM.

Ensure that you configure the ACS 4.x migration machine for a single IP address. Migration fails on a migration machine with multiple IP address aliases per interface.

ACS 5.2 target machine

Refer to the following:

Installation and Setup Guide for ACS 5.2

Cisco Application Deployment Engine (ADE) 1010 and 2120 Series Appliance Hardware Installation Guide.

Cisco Application Deployment Engine (ADE) 2130 and 2140 Series Appliance Hardware Installation Guide.


Migration Software Accessory Kit DVD and CDs

Table 5-2 describes the migration software accessory kit DVDs.

Table 5-2 Migration Software Accessory Kit DVD and CDs 

Migration DVDs
Description
Part Number

Cisco Secure Access Control System - Installation and Recovery DVD, Version 5.2

Use this DVD to:

Install VMware

Recover the ACS 5.2 appliance

Reset the password

Install the Migration Utility

Access documentation PDFs

80-9794-01

Cisco Secure Access Control System - Upgrade and Migration DVD, Version 5.2

Use this CD to:

Install the migration server if you are running one of the following ACS versions:

4.1.1.24

4.1.4

4.2

Upgrade the server to ACS 4.1.1 before migration.

Upgrade the ACS Solution Engine (SE) to ACS 4.1.1 prior to migration.

80-9795-01


ACS 5.2 supports migration from ACS 4.2.1. If you want to migrate from ACS 4.2.1 appliance, download the ACS 4.2.1 software image from Cisco.com.

Security Considerations

The export phase of the migration process creates a data file that is used as the input for the import process. The content of the data file is encrypted and cannot be read directly.

You need an ACS administrator username and password to import data into ACS 5.2. You should use a reserved username so that records created by the import utility can be identified in the audit log.

Accessing the Migration Utility

To access the Migration Utility, download it from the ACS 5.2 web interface.

To download migration application files:


Step 1 Choose System Administration > Downloads > Migration Utility.

The Migration from 4.x page appears.

Step 2 Click Migration application files to download migration.zip, which contains the application files you use to run the Migration Utility.


You may also use the Cisco Secure Access Control System - Installation and Recovery DVD, Version 5.2, available in the migration software accessory kit, to download the migration.zip file.

Migration Utility Packaging

The zip file migration.zip contains the Migration Utility files. Extract this file to a migration directory. This document uses the migration directory structure shown in Figure 5-1.

Figure 5-1 Migration Utility Directory Structure

Data Migration and Deployment Scenarios

The Migration Utility migrates ACS 4.x objects to ACS 5.2. The process of data migration in a single ACS appliance differs from that of ACS appliances in a distributed environment. This section contains:

Guidelines for Data Migration in a Single ACS Server

Guidelines for Data Migration in a Distributed Environment

Guidelines for Data Migration in a Single ACS Server

If you have a single ACS appliance in your environment (or several ACS appliances, but not in a distributed setup), run the Migration Utility against the ACS appliance as described in this guide.

For instructions to verify that migration is complete, see Validating Import.

Guidelines for Data Migration in a Distributed Environment

If you run ACS in a distributed environment (for example, if you have one primary ACS appliance and one or more secondary ACS appliances that interoperate with the primary ACS), you must:


Step 1 Back up the primary ACS appliance and restore it on the migration machine.

Step 2 Run the Migration Utility against the primary ACS appliance.

If you have large internal database, we recommend to run the migration from ACS 4.x to ACS 5.2 standalone primary server and not to a primary server that is connected to several secondary appliances. After the completion of the migration process, you can register all the secondaries.


The Migration Utility runs for approximately 15 hours to migrate 300,000 users, 50,000 devices, and 50,000 MAB. When you restart ACS 5.2, the startup process takes about 15 minutes before ACS 5.2 is available for use. The behavior of ACS 5.2 for data migration beyond 400,000 users and 200,000 devices is unknown.

Data Migration Between Platforms

Figure 5-2 shows the data migration flow between platforms. Refer to Chapter 6 "Using the Migration Utility to Migrate Data from ACS 4.x to ACS 5.2."

Figure 5-2 Migration Flow Between Platforms