ACS backup and restore on a different software version - please advise

zheka_pefti · ‎10-04-2011

Hello folks,

We are trying to make a restore from the backup done on ACS version 5.1 to a new appliance running ACS5.2

Before doing it I found this note in Cisco ACS user guide:

Note: You cannot back up data from an earlier version of ACS and restore it to a later version. Backup and restore must be performed on the same version of ACS. If you need the data on a different version of the ACS, you can perform an upgrade after you restore the data. Refer to the Installation and Setup Guide for Cisco Secure Access Control System 5.1 for more information on upgrading ACS to later versions.

How should I understand it? This note has conflicting statements. We can't restore to a later version but if you need data on a different version of ACS you can perform an upgrade AFTER YOU RESTORE the data. Doesn't it mean that the restore will still work? How would I do the upgrade to version 5.2 or even version 5.3 that was announced to be released very soon? I didn't find anything on the software upgrade in ACS5.1 guide.

Eugene

Tarik Admani · ‎10-04-2011

The note is trying to explain that have to restore the database to the same version of acs and then upgrade that ACS to the version you want to restore the backup to.

So you if you have a database that is from an ACS 5.1(patch level x) instance.

Then if you RMA your device and are returned with a preloaded ACS 5.2

You will have to reimage the box to ACS 5.1 (patch level x)

Then you will have to upgrade the image to ACS 5.2

Why are you trying to backup an older version of ACS to a new version? either way it goes the database will have to be upgraded.

Also we do have upgrade files that will help you with the upgrade path, the readme files in the upgrade file are very helpful.

Thanks,

Tarik Admani

zheka_pefti · ‎10-05-2011

Thanks a lot, Tarik

Our client currently has only ACS5.1 appliance and they are in the process of purchasing a second one. Once they have it delivered the plan was to install version 5.3 as it was advised by TAC to resolve the issue with the backup over SFTP. Both 5.1 and 5.2 have it as a known bug.

So the back to the software repository via FTP will be done and then it should be restored to the new appliance running ver 5.3

At this stage we don't how to proceed. What would be the best and seamless way to restore quite a big database of devices and policies to a new appliance?

What readme files did you refer to, Tarik ?

Eugene

jrabinow · ‎10-06-2011

In general backup / restore can be used for upgrade of ACS 5 release as follows:

- Backup release ACS 5.N

- Reimage with ACS 5.N+1

- Restore data from ACS 5.N; this will cause upgrade of this data to format of ACS 5.N+1

The good news is that if you want to go from ACS 5.1 to ACS 5.3 you can do the following:

- Backup release ACS 5.1

- Reimage with ACS 5.3

- Restore data from ACS 5.1; this will cause upgrade of this data to format of ACS 5.3

However, if you have a running ACS 5.1 system you can upgrade by using the following application upgrade command in the EXEC mode to upgrade ACS.

application upgrade ACS_5.3.tar.gz repository-name

The images for ACS 5.3 are now on CCO. You can see more details on the upgrade at the installation guide that is also on CCO: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/installation/guide/csacs_upg.html#wp1194871

zheka_pefti · ‎10-06-2011

Thanks guys. The listing of available options is really helpful. And now when we have ACS5.3 let's get started.

Sent from Cisco Technical Support iPhone App