02-01-2016 01:46 PM
All
I have a customer who is running ACS appliances in a cluster and would like to take a phased approach to the effort. Do we anticipate any fallout from and operation or a support perspective if they proceed in that manner?
Current ACS OS version and patch: 5.4.0.46.4
Will be upgrading to 5.4.0.46.8.
02-02-2016 12:11 PM
Hi Aunundrei,
Just to let you know the latest is 5.4.0.46.9 that fixed a few vulnerabilities.
That said, please look at the FAQ on ACS 5.4 that has notes on clusters.
Cisco Secure Access Control System 5.4 FAQ - Cisco
The release notes for ACS 5.4 should have resolved and open issues. Please be aware of the open issues applicable to your deployment.
Release Notes for Cisco Secure Access Control System 5.4 - Cisco
I noticed a defect: CSCub31167 related to replication that is an open issue. Thought of mentioning.
If you have specific questions, please let us know.
ACS instances has to be on the same version and patch level in order to bind them to the deployment.
Check out SR:635448425 for more information.
Thanks
Krishnan
02-02-2016 01:20 PM
Hi Aunudrei,
You can start patching the log collector first and then primary node majorly responsible for authentication.
For complete procedure visit Apply patch on ACS
Please be aware that patch installations and removals require that you restart ACS services.
For t-shooting purpose - Patch installations and removals are logged to /opt/CSCOacs/logs/acsupgrade.log
Please ensure to take backup before you patch them !!
~ Jatin
02-02-2016 01:32 PM
Thank you for the response to my question. Specifically the question was
more a deployment strategy meaning once I apply the first patch would the
cluster function if all the devices in it where upgraded in a phased
approached versus all at one time.
Aunudrei Oliver
Network Consulting Engineer
*** contact information removed by moderator
02-02-2016 01:50 PM
The last part of your question is not clear enough. However In order for cluster to function properly - both the ACS nodes should be on the same patch level. You can also consider the the local mode on ACS while applying patches.
~ Jatin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide