Migration Utility Setup and Installation
This chapter describes migration considerations for each machine in the migration process and contains:
■Migration Preinstallation Considerations
■System Requirements
■ACS Software Accessory Kit DVDs
■Security Considerations
■Accessing the Migration Utility
■Data Migration and Deployment Scenarios
■Data Migration Between Platforms
Migration Preinstallation Considerations
Before you begin, ensure that you configure your environment for migration. In addition to your ACS 4.x Windows source machine, you must deploy an ACS 4.x migration machine and an ACS 5.8.1 target machine. Keep in mind the following considerations:
■Ensure that the ACS 4.x database does not have any database corruption issues.
■Ensure that you configure the ACS 4.x migration machine for a single IP address. Migration fails on a migration machine with multiple IP address aliases per interface.
■Perform a full database backup on the ACS 4.x Windows source machine. Use this machine to maintain your ACS 4.x data. Restore the backed-up data to an additional ACS 4.x migration machine, and fix issues before importing the data to the ACS 5.8.1 machine.
For database backup instructions, see the Installation Guide for Cisco Secure ACS for Windows 4.1.
■The migration machine should have the same 4.x version as the source machine. You should back up the ACS 4.x version you wish to migrate on the 4.x Windows source machine and restore the same 4.x version on the migration machine. The restore fails if the migration machine does not have the same 4.x version as the source machine.
See the Installation Guide for Cisco Secure ACS for Windows 4.1.
■Restore data from the ACS 4.x Windows source machine to the migration machine. The migration machine is a Windows platform running ACS 4.x. Use this machine solely for the purpose of migration. The migration machine cannot be an appliance machine.
Note: Use the migration machine when you make any changes to the ACS 4.x data.
■Perform a full database backup on the ACS 5.8.1 target machine. Use this machine to process the imported data. For database backup instructions, see the Command Line Interface Reference Guide for Cisco Secure Access Control System 5.8.1.
■Ensure that you:
–Install ACS 5.8.1 on the target machine.
–Use a compatible ACS 5.8.1 license.
–Establish network connection between the migration machine and ACS 5.8.1 server.
■Back up your ACS 5.8.1 database before you run the Import phase.
■Enable the migration interface on the ACS 5.8.1 server. For more information on how to enable the migration interface and run the Migration Utility, see Using the Migration Utility to Migrate Data from ACS 4.x to ACS 5.8.1.
System Requirements
Your ACS machines must meet the system requirements described in Table 1. All documents are available on Cisco.com.
Table 1 System Requirements for Migration Machines
|
|
ACS 4.x source machine |
See the Installation Guide for Cisco Secure ACS for Windows 4.1. |
ACS 4.x migration machine |
See the Installation Guide for Cisco Secure ACS for Windows 4.1. The machine must have 2 GB of RAM. Ensure that you configure the ACS 4.x migration machine for a single IP address. Migration fails on a migration machine with multiple IP address aliases per interface. |
ACS 5.8.1 target machine |
See the following: ■ Installation and Setup Guide for ACS 5.8.1 ■ Cisco Application Deployment Engine (ADE) 1010 and 2120 Series Appliance Hardware Installation Guide. ■ Cisco Application Deployment Engine (ADE) 2130 and 2140 Series Appliance Hardware Installation Guide. |
ACS Software Accessory Kit DVDs
Table 2 describes the ACS software accessory kit DVDs.
Table 2 ACS Software Accessory Kit DVD
|
|
Cisco Secure Access Control System-Installation and Recovery DVD, Version 5.8.1 |
Use this DVD to: ■Install the ACS 5.8.1_ISO image. ■Install the Application Upgrade Bundle. ■Install VMware. ■Recover the ACS 5.8.1 appliance. ■Reset the password. |
Cisco Secure Access Control System-Upgrade and Migration_Documentation DVD, Version 5.8.1 |
Use this DVD to: ■ACS 5.5 Upgrade Package (upgrade from 5.3 or 5.4 to 5.5). ■ACS 5.6 Upgrade Package (upgrade from 5.4 or 5.5 to 5.6) ■ACS 5.7 Upgrade Package (upgrade from 5.5 or 5.6 to 5.7) ■ACS 5.8 Upgrade Package (upgrade from 5.5, 5.6 or 5.7 to 5.8) ■ACS 5.8.1 Upgrade Package (upgrade from 5.5, 5.6, 5.7, or 5.8 to 5.8.1) ■Install the Migration Utility, if you are running one of the following ACS versions: –4.1.1.24 –4.1.4.13 –4.2.0.124 ■Upgrade the server to ACS 4.2.0.124 before migration. ■Documentation: –ACS_5.8.1_5x5_Pointer_Card_ChinaRoHS.pdf –ACS_5.8.1_CLI_Reference_Guide.pdf –ACS_5.8.1_Installation_and_Upgrade_Guide.pdf –ACS_5.8.1_Migration_Guide.pdf –ACS_5.8.1_Regulatory_Compliance_and_Safety_Information.pdf –ACS_5.8.1_Release_Notes.pdf –ACS_5.8.1_SDT_Guide.pdf –ACS_5.8.1_Software_Developer’s_Guide.pdf –ACS_5.8.1_User_Guide.pdf |
Migration from ACS 4.x to ACS 5.x is supported only from the software version of ACS 4.x.
To migrate from the ACS 4.x appliance version, complete the following steps:
1. Make a backup from any supported version of the ACS 4.x appliance.
2. Restore the appliance backup on the same supported version of the ACS 4.x software.
3. Now run the Migration Utility.
Security Considerations
The export phase of the migration process creates a data file that is used as the input for the import process. The content of the data file is encrypted and cannot be read directly.
You need an ACS administrator username and password to import data into ACS 5.8.1. You should use a reserved username, so that records created by the import utility can be identified in the audit log.
Accessing the Migration Utility
To access the Migration Utility, download it from the ACS 5.8.1 web interface.
To download migration application files:
1. Choose System Administration > Downloads > Migration Utility.
The Migration from 4.x page appears.
2. Click Migration application files to download migration.zip, which contains the application files you use to run the Migration Utility.
Data Migration and Deployment Scenarios
The Migration Utility migrates ACS 4.x objects to ACS 5.8.1. The process of data migration in a single ACS appliance differs from that of ACS appliances in a distributed environment. This section contains:
■Guidelines for Data Migration in a Single ACS Server
■Guidelines for Data Migration in a Distributed Environment
Guidelines for Data Migration in a Single ACS Server
If you have a single ACS appliance in your environment (or several ACS appliances, but not in a distributed setup), run the Migration Utility against the ACS appliance as described in this guide.
For instructions to verify that migration is complete, see Validating Import.
Guidelines for Data Migration in a Distributed Environment
If you run ACS in a distributed environment (for example, if you have one primary ACS appliance and one or more secondary ACS appliances that interoperate with the primary ACS), you must:
1. Back up the primary ACS appliance and restore it on the migration machine.
2. Run the Migration Utility against the primary ACS appliance.
If you have large internal database, we recommend that you run the migration from an ACS 4.x to an ACS 5.8.1 standalone primary server, and not to a primary server that is connected to several secondary appliances. After the completion of the migration process, you can register all the secondaries.
The Migration Utility runs for approximately 15 hours to migrate 300,000 users, 50,000 devices, and 50,000 MAB. When you restart ACS 5.8.1, the startup process takes about 15 minutes before ACS 5.8.1 is available for use. The behavior of ACS 5.8.1 for data migration beyond 400,000 users and 200,000 devices is unknown.