Cisco Identity Services Engine Migration Guide for Cisco Secure ACS 5.1 and 5.2, Release 1.1.x
Preface
Downloads: This chapterpdf (PDF - 148.0KB) The complete bookPDF (PDF - 1.46MB) | Feedback

Preface

Table Of Contents

Preface

Purpose of this Guide

Audience

Organization

How to Use this Guide

Documentation Conventions

Documentation Updates

Related Documentation

Release-Specific Documents

Platform-Specific Documents

Notices

OpenSSL/Open SSL Project

License Issues

Obtaining Documentation and Submitting a Service Request


Preface


Revised: October 4, 2013, OL-25542-01

This migration guide covers both Cisco Identity Services Engine Releases 1.1 and 1.1.x. This guide describes the process for migrating data from a Cisco Secure Access Control System (ACS) Release 5.1/5.2 database to a Cisco Identity Services Engine (ISE) Release 1.1 appliance. The migration process uses the Cisco Secure ACS 5.1/5.2 to Cisco ISE 1.1 Migration Tool. This section of the migration guide introduces the purpose, audience, and organization of the guide and covers the following topics:

Purpose of this Guide

Audience

Organization

How to Use this Guide

Documentation Conventions

Obtaining Documentation and Submitting a Service Request

Related Documentation

Notices

Obtaining Documentation and Submitting a Service Request

Purpose of this Guide

This migration guide is part of the Cisco ISE 1.1 documentation set, and it describes how to migrate existing data from a Cisco Secure ACS Release 5.1/5.2 database to a Cisco ISE 1.1 appliance by using the Cisco Secure ACS to Cisco ISE Migration Tool. This migration guide contains the following information:


Note For the remainder of this migration guide, the Cisco Secure ACS to Cisco ISE Migration Tool (and its shorter form, Cisco Secure ACS-Cisco ISE Migration Tool) describe the tool that is used to migrate data from a Cisco Secure ACS 5.1/5.2 database to a Cisco ISE 1.1 appliance.


Cisco Secure ACS-Cisco ISE Migration Tool installation requirements, prerequisites, and guidelines for migration.

List of Cisco Secure ACS Release 5.1/5.2 data items that can be migrated and a list of the data items that cannot be migrated.

Step-by-step procedures for migrating data from a Cisco Secure ACS 5.1/5.2 database to the Cisco ISE 1.1 appliance.

Reference links to Cisco documentation that defines the upgrade path that is required by earlier releases of Cisco Secure ACS data (Release 3.x and 4.x) before it can be migrated.


Note The Cisco Secure ACS-Cisco ISE Migration Tool only supports migrating Cisco Secure ACS Release 5.1/5.2 data.


To migrate previous releases of Cisco Secure ACS data (for example, 3.x or 4.x) to the Cisco Secure ACS 5.1/5.2 state from which it can be migrated to a Cisco ISE 1.1 appliance, requires a multi-step process:

1. Upgrade the Cisco Secure ACS 3.x or 4.x data to the Cisco Secure ACS Release 5.0 state by using the process described in the Cisco documentation (see Related Documentation in this Preface).

2. Upgrade the Cisco Secure ACS 5.0 data to Cisco Secure ACS Release 5.1/5.2 state by using the process described in the Cisco documentation (see Related Documentation in this Preface).

3. Use the Cisco Secure ACS-Cisco ISE Migration Tool to migrate Cisco Secure ACS 5.1/5.2 data to a Cisco ISE 1.1 appliance using the procedure in this migration guide (see Chapter 4 "Using the Cisco Secure ACS-Cisco ISE Migration Tool").

The focus of this migration guide is on documenting the process for using the Cisco Secure ACS-Cisco ISE Migration Tool to export existing Cisco Secure ACS 5.1/5.2 data and for importing this data into a Cisco ISE 1.1 appliance.

We recommend that you fully understand the related data structure and schema differences between the Cisco Secure ACS 5.1/5.2 and the Cisco ISE 1.1 systems before you attempt to migrate existing Cisco Secure ACS data.

Audience

This migration guide is for network administrators who are responsible for migrating existing Cisco Secure ACS 5.1/5.2 database information to a Cisco ISE 1.1 appliance by using the Cisco Secure ACS-Cisco ISE Migration Tool.

Organization

This migration guide includes the following sections:

Title
Description

Chapter 1 "Cisco Secure ACS 5.1/5.2 to Cisco ISE 1.1 Migration Overview"

Provides an overview of the Cisco Secure ACS-Cisco ISE migration, the software requirements, supported releases, application components, data items that can be migrated, and the software architecture.

Chapter 2 "Understanding the Cisco Secure ACS-Cisco ISE Migration Tool"

Provides a functional description of the Cisco Secure ACS-Cisco ISE Migration Tool, which supports export and import, data persistency, scalability, high availability, and reporting functions.

Chapter 3 "Installing the Cisco Secure ACS-Cisco ISE Migration Tool"

Describes requirements, installation prerequisites and guidelines, and how to install and set up the Cisco Secure ACS-Cisco ISE Migration Tool.

Chapter 4 "Using the Cisco Secure ACS-Cisco ISE Migration Tool"

Describes how to use the Cisco Secure ACS-Cisco ISE Migration Tool to perform operations that export Cisco Secure ACS 5.1/5.2 data from its database and import the migrated data into a Cisco ISE 1.1 appliance.

Chapter 5 "Migrating Data from the Cisco Secure ACS 3.x and 4.x to the ACS 5.1/5.2"

Provides a brief overview and provides documentation links that you need to upgrade earlier releases of Cisco Secure ACS data to the Cisco Secure ACS Release 5.0 state. The only supported migration path for earlier Cisco Secure ACS releases is to upgrade the data to the Cisco Secure ACS Release 5.0 state. Once at the Cisco Secure ACS Release 5.0 state, there is a supported path for upgrading this data to Cisco Secure ACS Release 5.1/5.2.

"Cisco Secure ACS 5.1/5.2 and Cisco ISE 1.1 Data Structure Mapping"

Provides a mapping table that describes how the data objects are mapped between a Cisco Secure ACS Release 5.1/5.2 system and a Cisco ISE 1.1 system.

"Troubleshooting the Cisco Secure ACS-Cisco ISE Migration Tool"

Describes how to troubleshoot any issues that you might encounter when using the Cisco Secure ACS-Cisco ISE Migration Tool.


How to Use this Guide

We recommend that you read and reference the following sections before attempting to migrate Cisco Secure ACS Release 5.1/5.2 data to a Cisco ISE 1.1 appliance:

See "Cisco Secure ACS 5.1/5.2 and Cisco ISE 1.1 Data Structure Mapping" to ensure that you understand the data object, schema, and attribute differences between Cisco Secure ACS and Cisco ISE prior to migration.

See Chapter 1 "Cisco Secure ACS 5.1/5.2 to Cisco ISE 1.1 Migration Overview" for an overview of the Cisco Secure ACS 5.1/5.2 database, data objects, architecture, and the process of migrating its data to the Cisco ISE 1.1 appliance.

See Chapter 2 "Understanding the Cisco Secure ACS-Cisco ISE Migration Tool" to understand the functional and configuration differences and similarities between Cisco Secure ACS 5.1/5.2 and Cisco ISE 1.1, and for specific configuration recommendations.

See Chapter 3 "Installing the Cisco Secure ACS-Cisco ISE Migration Tool" to understand how to install the Cisco Secure ACS-Cisco ISE Migration Tool.

See Chapter 4 "Using the Cisco Secure ACS-Cisco ISE Migration Tool" to understand the process that is required for migrating existing Cisco Secure ACS 5.1/5.2 data to Cisco ISE 1.1 using the Cisco Secure ACS-Cisco ISE Migration Tool.

Documentation Conventions

This migration guide uses the following documentation conventions:

Convention
Indication

bold font

Commands, keywords, and user-entered text appear in bold font.

italic font

Document titles, new or emphasized terms, and arguments for which you supply values are in italic font.

[ ]

Square brackets can indicate one of the following:

An optional element.

Default responses to system prompts.

{x | y | z }

Required alternative keywords are grouped in braces and separated by vertical bars.

[ x | y | z ]

Optional alternative keywords are grouped in brackets and separated by vertical bars.

string

A nonquoted set of characters. Do not use quotation marks around the string or the string will include the quotation marks.

courier font

Terminal sessions and information the system displays appear in courier font.

< >

Nonprinting characters such as passwords are in angle brackets.

!, #

An exclamation point (!) or a pound sign (#) at the beginning of a line of code indicates a comment line.



Caution Means reader be careful. You are capable of doing something that might result in equipment damage or loss of data.


Note Means reader take note. Notes identify important information that you should reflect upon before continuing, contain helpful suggestions, or provide references to materials not contained in this migration guide.


Documentation Updates

Table 1 Updates to Cisco Identity Services Engine Migration Guide for Cisco Secure ACS 5.1 and 5.2, Release 1.1.x

Date
Description

10/31/12

Cisco Identity Services Engine, Release 1.1.2

7/10/12

Cisco Identity Services Engine, Release 1.1.1

3/19/12

Cisco Identity Services Engine, Release 1.1


Related Documentation

Release-Specific Documents

Table 1 lists the product documentation available for the Cisco ISE Release. General product information for Cisco ISE is available at http://www.cisco.com/go/ise. End-user documentation is available on Cisco.com at http://www.cisco.com/en/US/products/ps11640/tsd_products_support_series_home.html.

Table 2 Product Documentation for Cisco Identity Services Engine 

Document Title
Location

Release Notes for the Cisco Identity Services Engine, Release 1.1

Release Notes for the Cisco Identity Services Engine, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_release_notes_list.html

Cisco Identity Services Engine Network Component Compatibility, Release 1.1

Cisco Identity Services Engine Network Component Compatibility, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/products_device_support_tables_list.html

Cisco Identity Services Engine User Guide, Release 1.1

Cisco Identity Services Engine User Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/products_user_guide_list.html

Cisco Identity Services Engine Hardware Installation Guide, Release 1.1

Cisco Identity Services Engine Hardware Installation Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine Upgrade Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine Migration Guide for Cisco Secure ACS 5.1 and 5.2, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine Sponsor Portal User Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/products_user_guide_list.html

Cisco Identity Services Engine CLI Reference Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_command_reference_list.html

Cisco Identity Services Engine API Reference Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_command_reference_list.html

Cisco Identity Services Engine Troubleshooting Guide, Release 1.1.x

http://www.cisco.com/en/US/products/ps11640/prod_troubleshooting_guides_list.html

Regulatory Compliance and Safety Information for Cisco Identity Services Engine, Cisco 1121 Secure Access Control System, Cisco NAC Appliance, Cisco NAC Guest Server, and Cisco NAC Profiler

http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Identity Services Engine In-Box Documentation and China RoHS Pointer Card

http://www.cisco.com/en/US/products/ps11640/products_documentation_roadmaps_list.html


Platform-Specific Documents

Links to other platform-specific documentation are available at the following locations:

Cisco ISE
http://www.cisco.com/en/US/products/ps11640/prod_installation_guides_list.html

Cisco Secure ACS
http://www.cisco.com/en/US/products/ps9911/tsd_products_support_series_home.html

Cisco NAC Appliance
http://www.cisco.com/en/US/products/ps6128/tsd_products_support_series_home.html

Cisco NAC Profiler
http://www.cisco.com/en/US/products/ps8464/tsd_products_support_series_home.html

Cisco NAC Guest Server
http://www.cisco.com/en/US/products/ps10160/tsd_products_support_series_home.html

Notices

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License:

Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".

The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.