Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3115
Views
4
Helpful
4
Replies

ACS cluster configuration

Aunudrei Oliver
Cisco Employee
Cisco Employee

‎02-01-2016 01:46 PM

All

I have a customer who is running ACS appliances in a cluster and would like to take a phased approach to the effort. Do we anticipate any fallout from and operation or a support perspective if they proceed in that manner?

Current ACS OS version and patch: 5.4.0.46.4

Will be upgrading to 5.4.0.46.8.

Labels:
4 Replies 4

kthiruve
Cisco Employee
Cisco Employee

‎02-02-2016 12:11 PM

Hi Aunundrei,

Just to let you know the latest is 5.4.0.46.9 that fixed a few vulnerabilities.

That said, please look at the FAQ on ACS 5.4 that has notes on clusters.

Cisco Secure Access Control System 5.4 FAQ - Cisco

The release notes for ACS 5.4 should have resolved and open issues. Please be aware of the open issues applicable to your deployment.

Release Notes for Cisco Secure Access Control System 5.4 - Cisco

I noticed a defect: CSCub31167 related to replication that is an open issue. Thought of mentioning.

If you have specific questions, please let us know.

ACS instances has to be on the same version and patch level in order to bind them to the deployment.

Check out SR:635448425  for more information.

Thanks

Krishnan

Jatin Katyal
Cisco Employee
Cisco Employee

‎02-02-2016 01:20 PM

Hi Aunudrei,

You can start patching the log collector first and then primary node majorly responsible for authentication.

For complete procedure visit Apply patch on ACS

Please be aware that patch installations and removals require that you restart ACS services.

For t-shooting purpose - Patch installations and removals are logged to /opt/CSCOacs/logs/acsupgrade.log

Please ensure to take backup before you patch them !!

~ Jatin

~Jatin
0 Helpful

Aunudrei Oliver
Cisco Employee
Cisco Employee
In response to Jatin Katyal

‎02-02-2016 01:32 PM

Thank you for the response to my question. Specifically the question was

more a deployment strategy meaning once I apply the first patch would the

cluster function if all the devices in it where upgraded in a phased

approached versus all at one time.

Aunudrei Oliver

Network Consulting Engineer

*** contact information removed by moderator

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to Aunudrei Oliver

‎02-02-2016 01:50 PM

The last part of your question is not clear enough. However In order for cluster to function properly - both the ACS nodes should be on the same patch level. You can also consider the the local mode on ACS while applying patches.

~ Jatin

~Jatin
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents