- Overview
- Configuring and Monitoring the Cisco PAM Server
- Getting Started With the Cisco PAM Desktop Software
- Configuring User Access for the Cisco PAM Desktop Client
- Understanding Door Configuration
- Configuring Doors
- Configuring Door and Device Templates
- Configuring Personnel and Badges
- Configuring Cisco Access Policies
- Events & Alarms
- Configuring Automated Tasks
- System Integration
- Video Monitoring
- System Configuration Settings
- Backing Up and Restoring Data
- Upgrading Software and Firmware
- Upgrading and Configuring Gateway Modules
- Security
- Troubleshooting
- Related Documentation
- Glossary
Cisco Physical Access Manager Appliance User Guide, Release 1.3.0
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- Updated:
- November 23, 2017
Chapter: Upgrading Software and Firmware
- Contents
- Upgrade Notes for Release 1.3.0
- Event Archive Settings Are Required
- Localization Feature Requires Database Upgrade
- Gateway Module Firmware Must Be the Same Version as Cisco PAM
- Credential Download Frequency Must be 60 Minutes or Higher
- The Door Groups Feature Added to Device Groups
- Enabling the Password Recovery Feature
- Upgrading From Release 1.0.3 to Release 1.3.0
- Split Holiday Schedule Configurations By Month
- Select the Following Options When Upgrading Gateway Firmware
- Generic Output Devices Installed Prior to Release 1.1.0 Must Be Rewired
- Generic Output Device Command and Event Name Changes
- Browser Time-out
- Upgrade the Cisco PAM Desktop Client Software
- Java Requirements
- Stop EDI Projects Before Upgrading Cisco PAM
- Change the Database Password Message
- Obtaining Software Images
- Obtaining Release Notes and Other Related Documentation
- Upgrading the Cisco PAM Desktop Software
- Upgrading the Cisco PAM Server Software
- Replacing an Appliance
- Reinstalling the Cisco PAM Server Software from a Recovery CD
Upgrading the Server Software
This appendix describes how to upgrade or reinstall the Cisco PAM server software, desktop client software, and Gateway module firmware.
Contents
•
Upgrade Notes for Release 1.3.0
•Obtaining Release Notes and Other Related Documentation
•Upgrading the Cisco PAM Desktop Software
•Upgrading the Cisco PAM Server Software
–Replacing a Stand-Alone (Non-Redundant) Appliance
–Replacing Both Appliances in an HA Configuration
•Reinstalling the Cisco PAM Server Software from a Recovery CD
Upgrade Notes for Release 1.3.0
•Event Archive Settings Are Required
•Localization Feature Requires Database Upgrade
•Gateway Module Firmware Must Be the Same Version as Cisco PAM
•Credential Download Frequency Must be 60 Minutes or Higher
•The Door Groups Feature Added to Device Groups
•Enabling the Password Recovery Feature
•Upgrading From Release 1.0.3 to Release 1.3.0
•Split Holiday Schedule Configurations By Month
•Select the Following Options When Upgrading Gateway Firmware
•Generic Output Devices Installed Prior to Release 1.1.0 Must Be Rewired
•Generic Output Device Command and Event Name Changes
•Upgrade the Cisco PAM Desktop Client Software
•Stop EDI Projects Before Upgrading Cisco PAM
•Change the Database Password Message
•Event Archive Settings Are Required
•Localization Feature Requires Database Upgrade
•Gateway Module Firmware Must Be the Same Version as Cisco PAM
•Credential Download Frequency Must be 60 Minutes or Higher
•Enabling the Password Recovery Feature
•Upgrading From Release 1.0.3 to Release 1.3.0
•Split Holiday Schedule Configurations By Month
•Upgrade the Cisco PAM Desktop Client Software
•Stop EDI Projects Before Upgrading Cisco PAM
•Change the Database Password Message
Event Archive Settings Are Required
If upgrading from Release 1.2.0 or earlier, you are automatically redirected to the Events configuration page of the Cisco PAM Server Administration utility (Figure B-7).
Figure B-1 Initial Setup: Event Pruning and Archiving
Use this page to enter the required event pruning and archive settings. You cannot start the server or perform other activities until event archiving is successfully configured.
The following additional conditions apply:
•If you are upgrading redundant HA servers, the historical event archive settings are only required on the primary appliance.
•If the appliance being upgraded has existing automation rules configured for historical events, the following occurs during the upgrade:
–Commands to copy, prune or archive events are removed. If the automation rule only includes these commands, then the entire rule is removed. The system will use the new event pruning and archiving settings you are prompted to enter during the upgrade.
–If the automation rule also includes action to create reports, the automation rule is upgraded and the reports rules are saved in the upgraded system.
For instructions and more information, see the "Archiving Historical Events" section on page 2-23.
Localization Feature Requires Database Upgrade
If you upgrade the Cisco PAM appliance from release 1.2.0 or lower to release 1.3.0 or higher, you must also upgrade the system database to support localization. This is a one-time process performed by clicking an Enable Localization button the first time you access the localization feature (Figure B-2).
Figure B-2 Enabling Localization
Note•This procedure is also required if you restore a data backup from release 1.2.0 or lower to release 1.3.0 or higher.
•This process can take up to one hour (or more) to complete for large databases.
•For more information, see the "Installing and Revising Language Packs" section on page 2-28.
Gateway Module Firmware Must Be the Same Version as Cisco PAM
Gateway modules must have the same firmware version as the Cisco PAM appliance server software. This includes the major version, minor version, maintenance version, and the build number. If any difference in versions exists between the Gateway and the appliance, then only a restricted set of operations (such as image upgrade) can be performed.
Credential Download Frequency Must be 60 Minutes or Higher
The Credential download frequency cannot be set lower than 60 minutes. If a number less than 60 is entered, the setting will be reset to 60.
Note The Credential download frequency defines how often (in minutes) credential information is downloaded to the Gateways.
To access the Credential download frequency setting, see Cisco Settings, page 14-20.
The Door Groups Feature Added to Device Groups
In Release 1.2.0 and higher, the Door Groups module is included in the Device Groups module.
Any Door Group configurations from previous releases are automatically included in the Device Groups module following an upgrade.
Select Device Groups from the Doors menu to access the module.
Enabling the Password Recovery Feature
To enable the Cisco PAM Server Administration utility password recovery feature, the following fields must be configured (if not already set):
•Email Address
•SMTP Server Address
•SMTP Email Address from
See Enabling the Password Recovery Feature for instructions.
Upgrading From Release 1.0.3 to Release 1.3.0
To upgrade to Cisco PAM Release 1.3.0 from Release 1.0.3, you must first upgrade to Cisco PAM Release 1.1.0. For more information see the caveat CSCte56355.
Split Holiday Schedule Configurations By Month
Holiday schedules that span two months (for example, December 25 through January 4) do not operate correctly. Cisco PAM Release 1.2.0 prevents this configuration, and you must split the Holiday into two entries: one that covers the first month and the second that covers the following month.
For example, if a holiday schedule is required for December 25 through January 4, create one entry for December 25 through December 31, and a second entry for January 1 through January 4.
For more information, see the caveat CSCsq04020.
Select the Following Options When Upgrading Gateway Firmware
When upgrading Gateway firmware images to Cisco PAM Release 1.3.0 from any earlier release, select the following options:
–Set as active image: (checked by default) make the firmware file new active image.
–Delete configuration: delete the module configuration. The configuration is automatically reloaded when the module established communication with the Cisco PAM appliance.
–Delete events: delete all events stored on the module.
–Reset Gateway: (checked by default) perform a soft reset to powercycle the module. Changes to the active image are applied only after the Gateway is reset.
Note When all options are selected, wait approximately 10-15 minutes for the firmware upgrade to complete.
See the Upgrading Gateway Firmware Images Using Cisco PAM, page C-12 for instructions, or refer to the Cisco Physical Access Gateway User Guide.
Generic Output Devices Installed Prior to Release 1.1.0 Must Be Rewired
All Generic Output devices installed in Cisco PAM systems prior to release 1.1.0, were connected to the Gateway, Reader, or Output modules with the wiring reversed. In Cisco PAM release 1.1.0, the wires for these Output devices must be reinstalled to match the device manufactures recommended connections.
Required Generic Output Device Connections in Cisco PAM release 1.1.0
Disconnect all Generic Output devices installed with Cisco PAM release 1.0.0, 1.0.1, or 1.0.3, and do the following:
•Connect Normally Open devices to the N.O. and C connectors on the Gateway, Reader, or Output module.
•Connect Normally Closed devices to the N.C. and C connectors on the Gateway, Reader, or Output module.
Failure to re-wire these devices will cause the devices to act in the opposite way intended.
See Cisco Physical Access Gateway User Guide for more information on module and device wiring.
Generic Output Device Command and Event Name Changes
The following generic output device command names were changed for Release 1.1.0 and higher. The functionality is the same:
|
|
|
|---|---|
Turn output off |
Activate Relay |
Turn output on |
Deactivate Relay |
The following generic output device event names were changed for Release 1.1.0. The functionality is the same:
|
|
|
|---|---|
Output Off |
Output Deactivated |
Output On |
Output Activated |
Browser Time-out
When upgrading, the web browser may display an error such as "Page Not Found" while the upgrade is in process. Wait approximately five minutes for the upgrade to complete, then refresh the browser to display the login page.
Upgrade the Cisco PAM Desktop Client Software
Always upgrade the Cisco PAM desktop client when the server software is upgraded. If the versions are not the same, an error will occur when launching the desktop client. See Installing or Updating the Cisco PAM Desktop Software, page 3-2.
Java Requirements
Before upgrading the Cisco PAM server, upgrade your PC to Java 6.0 or higher (JDK 1.6 or higher), if necessary.
•To install Java 1.6, log on to the Cisco PAM appliance, select Downloads, and then select JRE 1.6 (Windows).
•To download the latest Java, go to http://www.java.com/en/download/manual.jsp
Stop EDI Projects Before Upgrading Cisco PAM
Stop any running EDI projects before upgrading the Cisco PAM appliance software. After the upgrade, re-import the project to EDI Administration and start it again. See Importing, Starting, and Monitoring EDI Projects in Cisco PAM, page 12-38 for instructions to stop, start and import EDI projects.
If EDI projects are not stopped before a Cisco PAM upgrade, the project execution (or run) will not be successful. If this occurs, contact your Cisco support representative for assistance.
Change the Database Password Message
After an upgrade, if the server is started using the Start command in the Commands menu of the Cisco PAM Server Administration utility, a message appears asking if you want to change the database password. Click Cancel. This password is a security measure used for troubleshooting and technical support. It does not impact user operation.
Obtaining Software Images
To access the self-service portal and obtain software, documents, and tools, do the following:
Step 1 Go to the following URL:
http://www.cisco.com/en/US/partner/products/ps9688/tsd_products_support_series_home.html
Tip You can also log in to the Cisco Support Center at http://www.cisco.com/support/.
Step 2 Enter your username and password.
You must be a registered user of Cisco.com to access this page. You must have a current Cisco support contract that is linked to your Cisco.com account to download software and obtain help from the Cisco Technical Assistance Center.
Step 3 Click the Download Software link (Figure B-3).
Figure B-3 Download Cisco PAM Software Updates
Step 4 Click the link for the correct release, or use the search function to locate the software release (Figure B-4).
Figure B-4 Select and Download a Software Release
Step 5 Click Download Now.
Step 6 Follow the on-screen instructions to save the download file to a local or network drive:
a. Verify the download details.
b. Click Proceed With Download.
c. Accept the End User License Agreement.
d. Select a download option (Java or non-Java).
e. Select a location to save the file.
f. Wait for the download to complete.
Step 7 Locate and extract the compressed .zip file on your drive.
For example: cpam-cam25-1.3.0_0.3.31.upgrade.zip.
Step 8 Open the directory and verify that the file is correct.
The filename includes the release number and other details. For example: cpam-cam25-1.3.0_0.3.31.upgrade.bin.
Obtaining Release Notes and Other Related Documentation
To obtain the latest documentation, including release notes, do the following:
Step 1 Go to one of the following URLs:
–Cisco Physical Access Manager Release Notes
http://www.cisco.com/en/US/products/ps9688/prod_release_notes_list.html
–Cisco Physical Access Gateway Documentation
http://www.cisco.com/en/US/products/ps9687/tsd_products_support_series_home.html
–Cisco Physical Access Manager Documentation
http://www.cisco.com/en/US/products/ps9688/tsd_products_support_series_home.html
Step 2 Click the link for the appropriate guide.
For example: Install and Upgrade Guides or End-User Guides.
Step 3 Use these publications to learn how to install, upgrade and use the Cisco Physical Access Control hardware and software.
Tip Release Notes are also included with software downloads, or you can access the release notes while downloading software updates. See the "Obtaining Software Images" section.
Upgrading the Cisco PAM Desktop Software
Always upgrade the Cisco PAM desktop client when the server software is upgraded. If the versions are not the same, an error will occur when launching the desktop client. See Installing or Updating the Cisco PAM Desktop Software, page 3-2 for instructions.
Upgrading the Cisco PAM Server Software
To upgrade the Cisco PAM server software, you must first stop the server. If you are upgrading redundant (HA) servers, you must stop both servers, upgrade the server that was originally designated as the Active server, and then upgrade the Standby server.
Before You Begin
•The following conditions apply when upgrading the Cisco PAM server software:
–Upgrading either a single appliance or redundant servers causes system downtime. All servers must be placed in Down state to perform the upgrade.
–System downtime can result in a temporary loss of data. Log and other system messages sent from the Cisco Physical Access Gateways and other hardware devices may be dropped during the upgrade process. Cisco recommends performing a manual upgrade only when system usage is low.
–If upgrading two redundant appliances (HA configuration), complete the upgrade on one appliance before beginning the upgrade on the second appliance. If the second appliance is upgraded before the first appliance upgrade is complete, unrecoverable conditions may occur, forcing a restore from a backup file.
–Software downgrades are not supported.
•Review all Upgrade Notes for Release 1.3.0
•Obtain the correct software image. See Obtaining Software Images.
Tip The Cisco PAM server software is different from the desktop client software. The server software runs the appliance and provides a web administration interface used to configure and manage the server. The desktop (client) software runs on a PC and is used to configure devices and access control settings.
Procedure
To upgrade the Cisco PAM server software, do the following:
Step 1 Review the notes in Before You Begin and Upgrade Notes for Release 1.3.0
Step 2 Backup either the Active or Standby server, as described in Backing up the Cisco PAM Database, page A-2. This backup is not required, but ensures the latest system data is preserved in case an error occurs.
Step 3 Save the backup file to a local drive.
Step 4 Stop the Standby server, if configured:
a. Log on to the Standby appliance, as described in Logging on to the Cisco PAM Server Administration Utility, page 2-2.
b. Click the Monitoring tab and verify the Server Mode is Standby (Figure B-5).
c. Select the Stop button in the Admin entry.
d. Verify that the Admin State is Down.
Figure B-5 Monitoring Window in the Cisco PAM Server Administration Utility
Step 5 Stop the Active server.
a. Log on to the Active appliance.
b. Click the Monitoring tab and verify the Server Mode is Active (Figure B-5).
c. In the Admin State entry, select Stop.
d. Verify that the Admin State is Down.
Step 6 On the Active server, select the Setup tab, and then select Upgrade, as shown in Figure B-6.
Figure B-6 Upgrade Window in the Cisco PAM Server Administration Utility
Step 7 Click Browse to locate and select the upgrade image.
See the "Obtaining Software Images" section to download the upgrade software, if necessary.
For example: cpam-cam25-1.3.0_0.3.31.upgrade.bin
Step 8 Click the Upgrade button.
•A message appears informing you that the upgrade is starting and the web page will refresh.
•If the Cisco PAM Server Administration utility disconnects, a browser error message may be shown. Wait approximately five minutes for the server to restart, and then refresh your browser.
Step 9 The log in page appears when the upgrade is complete.
Step 10 Enter your existing username and password to log into the appliance.
Step 11 If upgrading from Release 1.2.0 or earlier to Release 1.3.0 or higher, you must enter the event pruning and archive settings, as shown in Figure B-7.
Note If you are upgrading from release 1.3.0 or higher, skip to Step 12.
•Pruned Events are removed from the main database table and placed in a separate database, allowing you to reduce the size of the main database while keeping them accessible on the Cisco PAM system. Pruned events are not visible in Events & Alarms, but are included in reports. Pruned events are also included in system backups.
•Archived events are removed from all Cisco PAM database tables and copied to a compressed file. The file includes a password-protected SQL script, and can be run on an offline database to view the purged events. Archived events are not visible in the Events & Alarms listings or Reports, and are not included in system backups.
Tip These settings are only required if upgrading from Release 1.2.0 or earlier. After the upgrade is complete, you can make additional changes. See the "Archiving Historical Events" section on page 2-23 for more information.
Figure B-7 Initial Setup: Event Pruning and Archiving
a. Select the Pruning tab (Figure B-7), and enter the following settings:
•Live Events Window (days)—Enter a value between 0 and 500 (inclusive). This is the number of days of events that will be available on live view. All the events older than the specified days will be removed at the pruning schedule time. For example, enter 30 to keep events in the live view for 30 days. After midnight on day 30, the events are subject to pruning and archiving (depending on the schedule defined in the following steps).
Note•To ensure that events are regularly pruned, we recommend entering 60 days or less in the Live Events Window field. Entering a value greater than 60 can cause an excessive number of event entries to accumulate in the main database and negatively impact system performance.
•The number is rounded to midnight of the last day.
•Schedule—define the time and frequency when events should be pruned.
–Date—To schedule pruning for one day per month, select Date and then select a day of the month. For example: 15.
–Weekday—To schedule pruning once per week, select Weekday and then select a day of the week. For example: Tuesday.
–Daily—To run pruning every day, select Daily.
–Time—Enter the time in 24 hour format (hh:mm:ss). For example, to run pruning at 2 p.m., enter 14:00:00. To run pruning at 1 a.m., enter 01:00:00.
Figure B-8 Archiving Events
b. Select the Archive tab (Figure B-8) and enter the following settings:
Tip The archive settings are required during the initial setup. After a successful restore, you can disable auto-archiving if necessary. See the "Archiving Historical Events" section on page 2-23.
•Enter and re-enter the administrator Password. This password is used to restore the archive file (similar to backup files).
•Historic Events Window (days)—Enter the number of days that events will be available for reports. After the minimum number of days the events will be archived to a compressed file. For example, enter 30 to keep events in the live view for 30 days. After midnight on day 30, the events are subject to archiving (depending on the schedule defined in the following steps).
•Enter a Schedule when the historic events will be removed from the pruned database and placed into a compressed archive file (archived files are listed above the entry fields).
–Date—To schedule archiving for one day per month, select Date and then select a day of the month. For example: 15.
–Weekday—To schedule archiving once per week, select Weekday and then select a day of the week. For example: Tuesday.
–Daily—To run archiving every day, select Daily.
–Time—Enter the time in 24 hour format (hh:mm:ss). For example, to run archiving at 2 p.m., enter 14:00:00. To run archiving at 1 a.m., enter 01:00:00.
•(Optional) Select Copy to remote server to automatically copy the archived event files to a remote FTP or SFTP location.
Note Only the three most recent archive files are saved. If you do not save the archive file manually or by copying it to a remote server, then the oldest file will be permanently deleted when the fourth file is created.
–FTP: for standard File Transfer Protocol servers.
–SFTP: for secure file transfers using the Secure File Transfer Protocol (also known as the SSH File Transfer Protocol).
–Address—the IP address or hostname of the remote server.
–Username—the username required to log in to the server.
–Password—the login password for the remote server.
–Path—the directory path where the compressed archive will be copied. The path must exist on the remote server. If the directory is not available, the archive will fail.
c. Select Next to apply the settings and continue.
Step 12 Verify the upgrade process is complete, and the Active server is in Down state:
a. Log on to the Active Cisco PAM appliance.
b. Select the Monitoring tab and then select Status.
c. Verify the Server Version is correct. For example: 1.3.0
d. Verify the Admin State is Down.
e. Verify the Server Mode is N/A.
Figure B-9 Server Admin State for the Active Server
Step 13 (HA configurations only) Upgrade the Standby server, if configured.
Note The Active server must be in Down state when you upgrade the Standby server, as described in Step 12. If a Standby server is not installed, skip to Step 14.
a. Log on to the Standby server.
b. Select the Monitoring tab and then select Status.
c. Verify that the Admin State is Down, as shown in Figure B-9
d. Select the Setup tab, and then select Upgrade.
e. Click Browse to locate and select the upgrade image, as shown in Figure B-6.
f. Click Upgrade.
Note Although the Standby server is upgraded, it is still in Down state. Start the Active server before starting the Standby server, as described in the following steps. Otherwise, the Standby server assume the Active role.
Step 14 Restart the Active server.
a. Log on to the Active Cisco PAM appliance, if necessary.
b. Select Monitoring and then Status.
c. In the Admin State entry, select Start.
d. Wait for the Admin State to change to Up.
Note When the server restarts, a message may appear asking if you want to change the database password. Click Cancel or OK. This password is a security measure used for troubleshooting and technical support. It does not impact user operation,
e. Select the Monitoring tab and then select Status, as shown in Figure B-10.
f. Verify the following:
–Verify the Server Version is correct. For example: 1.3.0
–Verify the Admin State is Up.
–Verify the Server Mode is Active.
Figure B-10 Server Admin State (Up) for the Active Server
Step 15 (HA configurations only) Start the Standby server.
Note Only start the Standby server after the Active server is Up, as described in Step 14.
a. Log on to the Active Cisco PAM appliance.
b. Select Monitoring and then Status.
c. In the Admin State entry, select Start.
d. Wait for the Admin State to change to Up.
e. Click Cancel or OK if a database password message appears.
f. Verify the upgrade was successful.
–Log on to the Standby server.
–Select the Monitoring tab and then select Status.
–Verify the Server Version is correct. For example: 1.3.0
–Verify the Admin State is Up.
–Verify the Server Mode is Standby.
Step 16 Restore your data backup, if necessary. See the "Restoring a Server Backup File" section on page A-10.
Step 17 Upgrade the Cisco PAM desktop client, as described in Installing or Updating the Cisco PAM Desktop Software, page 3-2. If the versions are not the same, an error will occur when launching the desktop client.
Replacing an Appliance
To replace an existing appliance with a Cisco Multi Services Platform (MSP) appliance, refer to the following procedures:
•Replacing a Stand-Alone (Non-Redundant) Appliance
•Replacing Both Appliances in an HA Configuration
•Replacing a Single Appliance in an HA Configuration
Replacing a Stand-Alone (Non-Redundant) Appliance
When replacing a single, non-redundant server, backup the system data from the old server immediately before bringing the new server online. You can only restore the data on the new server using the most recent backup: all data and configurations added to the system since the backup will be lost.
Procedure
Step 1 Backup the old appliance, as described in Backing up the Cisco PAM Database, page A-2. This backup is used to restore the system data to the new appliance.
Step 2 Copy the backup file to a local disk, as described in Backing up the Cisco PAM Database, page A-2.
Step 3 Stop the appliance.
a. Log on to the appliance, as described in Logging on to the Cisco PAM Server Administration Utility, page 2-2.
b. Select Monitoring and then select Status (Figure B-11).
c. In the Admin State Entry, click Stop.
d. Verify that the Admin State is Down.
Step 4 Power off the old appliance and physically install the new appliance, as described in the Cisco Physical Security Multi Services Platform User Guide.
Step 5 Boot the new server and complete the setup instructions in Entering the Initial Server Configuration, page 2-5.
Step 6 Obtain and install new Cisco PAM licenses. See Obtaining and Installing Optional Feature Licenses, page 2-42 for more information.
Step 7 Restore the backup file to the new server, as described in Restoring a Server Backup File, page A-10.
Replacing Both Appliances in an HA Configuration
To replace both appliances in a redundant HA configuration, complete the following procedure:
This procedure results in system downtime.
Procedure
Step 1 Back up the Active or Standby server.
The backup file is used to restore the system data on the new server.
a. Log in to the Active or Standby appliance.
b. Backup the system data, as described in Backing up the Cisco PAM Database, page A-2.
c. Copy the backup file to a local disk.
Step 2 Stop the Active appliance.
a. Log on to the Active appliance, as described in Logging on to the Cisco PAM Server Administration Utility, page 2-2.
b. Select Monitoring and then select Status (Figure B-11).
c. Verify the Server Mode is Active.
d. In the Admin State Entry, click Stop.
e. Verify that the Admin State is Down and the Server Mode is N/A, as shown in Figure B-11.
Figure B-11 Server in Admin State "Down"
Step 3 Stop the Standby appliance.
Note Stopping the second appliance results in system downtime since both appliances are offline.
a. Log on to the appliance, as described in Logging on to the Cisco PAM Server Administration Utility, page 2-2.
a. Select Monitoring and then select Status.
b. In the Admin State Entry, click Stop.
Step 4 Power down and physically remove the old appliances.
Step 5 Install the new appliances, as described in the Cisco Physical Security Multi Services Platform User Guide.
Step 6 Boot the new Active appliance and complete the initial configuration for an Active server, as described in Entering the Initial Server Configuration, page 2-5.
•Enter a Shared IP Address.
•Obtain and install new Cisco PAM licenses, including the HA license. All optional licenses are installed on the Active server only. See Obtaining and Installing Optional Feature Licenses, page 2-42 for more information.
Step 7 Boot the new standby appliance and complete the initial configuration for a Standby server.
•Enter a Shared IP Address, as described in Entering the Initial Server Configuration, page 2-5.
•Obtain and reinstall the HA license on the Standby server. See Obtaining and Installing Optional Feature Licenses, page 2-42 for more information.
Step 8 Verify that the redundant servers are in sync.
a. Log in to each server.
b. Open the Monitoring > Status window.
c. Verify that there are entries for Peer Address, Hostname, and Sync Status (Figure B-12).
If the HA servers are not in sync, see the "Monitoring" section on page 2-19 for a description of the HA messages that may appear.
Figure B-12 HA Status: Peer Address, Hostname and Sync Status
Step 9 Restore the backup file to the Active server, as described in Restoring a Server Backup File, page A-10.
Replacing a Single Appliance in an HA Configuration
To replace a single appliance in a HA configuration, put the appliance in Admin Down state. This transfers the Active server status to the other appliance. System data is maintained and access control functionality remains available. Next, physically replace the appliance and complete the initial configuration for a Standby server. Once the server is up, system data will be synchronized from the Active HA appliance.
Procedure
Step 1 (Optional) Back up the Active or Standby server.
The backup is not required, but we recommend performing a backup before any major operation.
a. Log in to the Active or Standby appliance.
b. Backup the system data, as described in Backing up the Cisco PAM Database, page A-2.
c. Copy the backup file to a local disk.
Step 2 Stop the appliance to be replaced.
a. Log on to the appliance, as described in Logging on to the Cisco PAM Server Administration Utility, page 2-2.
b. Select Monitoring and then select Status (Figure B-11).
c. In the Admin State Entry, click Stop.
d. Verify that the Admin State is Down and the Server Mode is N/A, as shown in Figure B-11.
Figure B-13 Server in Admin State "Down"
Step 3 Power down and physically remove the old appliance.
Step 4 Install the replacement appliance, as described in the Cisco Physical Security Multi Services Platform User Guide.
Step 5 Boot the new appliance and complete the initial configuration for a Standby server.
•Enter a Shared IP Address, as described in Entering the Initial Server Configuration, page 2-5.
•Obtain and reinstall the HA license on the Standby appliance. See Obtaining and Installing Optional Feature Licenses, page 2-42 for more information.
Step 6 Wait for the initial setup process to complete.
Step 7 Verify that the redundant servers are in sync.
a. Log in to the appliance.
b. Open the Monitoring > Status window.
c. Verify that there are entries for Peer Address, Hostname, and Sync Status (Figure B-12).
If the HA servers are not in sync, see the "Monitoring" section on page 2-19 for a description of the HA messages that may appear.
Figure B-14 HA Status: Peer Address, Hostname and Sync Status
Reinstalling the Cisco PAM Server Software from a Recovery CD
Use the recovery CD/DVD included with the Cisco PAM appliance to completely erase the server hard disk and re-install the Cisco PAM server software.
Usage Notes
•To boot from the recovery CD/DVD, you must change the boot device order using the BIOS utility, as described in the following procedure.
•Before you begin, back up your system data. The recovery CD deletes all existing data and configurations. See the "Backing up the Cisco PAM Database" section on page A-2.
•You can perform this procedure on a standalone appliance, or on either the active or standby appliance in a redundant HA configuration.
•If using the recovery CD on an appliance in a HA configuration, perform the initial setup for a Standby appliance, and enter a Shared IP address.
•After the recovery process, complete the instructions in the "Entering the Initial Server Configuration" section on page 2-5 and then the "Restoring a Server Backup File" section on page A-10.
Procedure
Step 1 Backup the data on your appliance. See Appendix A, "Backing Up and Restoring Data" for more information.
Reinstalling the server software from a CD/DVD using these instructions permanently erases all data and configurations on the Cisco PAM appliance. You must have at least one backup to restore the server data. See
Appendix A, "Backing Up and Restoring Data" for more information.
Step 2 Insert the Cisco PAM recovery CD into the server DVD-ROM drive.
Step 3 Reboot the Cisco PAM appliance:
a. Log on to the Cisco PAM appliance, as described in Logging on to the Cisco PAM Server Administration Utility, page 2-2.
a. Select the Commands tab, and then select Reboot.
Step 4 Press and hold the Delete key while the appliance is restarting to open the BIOS setup utility, as shown in Figure B-15.
Figure B-15 BIOS Setup Utility
Step 5 Change the priority order of the boot devices so the CD/DVD drive is first boot priority, and the SCSI hard drive is second priority.
Note If you are using the Cisco Physical Access 1125 Appliance installed with Cisco PAM release 1.1.0 and earlier, you do not need to set the boot device using the BIOS setup utility. Skip to Step 6.
a. Use the arrow keys to select the Boot menu, as shown in Figure B-16.
Figure B-16 BIOS Boot Settings
b. Select Boot Device Priority.
c. Use the arrow keys to select the 1st Boot Device, and then press Enter.
A list of available devices appears, as shown in Figure B-17.
Figure B-17 Boot Device Priority Options
d. Use the arrow keys to select the CD/DVD device, and then press the Enter key.
e. Verify that the CD/DVD device is the 1st Boot Device, and the SCSI hard drive is the 2nd Boot Device, as shown in Figure B-18.
Figure B-18 1st Boot Device = CD/DVD
f. Press the F10 function key to save the changes and exit the BIOS utility.
Step 6 Wait for the CD to install the Cisco PAM server software. When finished, the server will reboot again.
Step 7 After the server reboots, remove the Cisco PAM recovery CD from the server DVD-ROM drive.
Step 8 Configure the server as described in Entering the Initial Server Configuration, page 2-5.
Step 9 Restore the system, as described in Restoring a Server Backup File, page A-10.
Feedback