Hi Mauricio,

Thanks for responding. I have a question. When I've upgraded the secondary server from 5.1 to 5.3, will I have to register it back to the primary server which is still on 5.1 or will I just be able to de-register both, upgrade 5.1 to 5.3 to 5.4, and then register them back in the cluster?

Kind Regards,

Bilal

Hi Mauricio,

I have same scenario with Bilal. Any best practice or documentation how to perform the upgrade with this Primary/Secondary setup? I will be doing it on production servers.. I'm confused how to start. Please advice.

Thanks

regards,

Mike

Mike it makes sense now - just de-register both so they are "stand alone servers"

Then upgrade 5.1 to 5.3 and then to 5.4 for both primary and secondary servers. Then register them back...

The cisco documentation is a bit misleading in that they say...

 Step 5 Register the secondary server to the ACS 5.4 primary server. 


  a. Select System Administration > Operations > Local Operations > Deployment Operations. 


 The Deployment Operations page appears. 


  b. Complete the following mandatory fields under the Registration dialog box: 


 –Primary Instance—The hostname of the 5.4 primary server that you wish to register the secondary instance with. 


 –Admin Username—Username of an administrator account. 


 –Admin Password—The password for the administrator account. 


 –Hardware  Replacement—Check to enable the existing ACS instance to re-register  with the primary instance and get a copy of the configuration that is  already present in the primary instance. 


 –Recovery  Keyword—Specify the same hostname that was used in the 5.3 deployment  to ensure that you associate this secondary server with the Monitoring  and Report data that was collected earlier. 


 After  you submit this information, this instance connects to the primary  instance. The primary instance finds the associated ACS instance records  based on the keyword, and marks each record as registered. 


  c. Click Register to Primary. 


 The system displays the following message: 



This operation will register this ACS Instance as a secondary to the specified Primary 
Instance. ACS will be restarted. You will be required to login again. Do you wish to 
continue?



 

  d. Click OK. 


 ACS will restart automatically. Wait for some time to make sure that all processes are up and running successfully. 

Make sure you backup acs just incase!

Hi Bilal,

Can have the link of that cisco documentation.

Thanks

regards,
MiKe

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/installation/guide/csacs_upg.html

Upgrade process is pretty much the same.

To backup ACS use the backup backup-name repository repository-name command

To upgrade ACS use the application upgrade ACS_5.4.tar.gz repository-name command

Its just a bit tricky when we have to upgrade in stages. And the worry of losing the config or if something goes wrong as some organisations can be heavily reliant on ACS.

hth

Guys,

Here is a summary of the steps to go form 5.1 to 5.4 in case you have any doubt:

1. De-register the servers, this means that will have now two standalone servers or two primary servers

2. Create a configuration backup from each server, this is a security measure. You can use the following command:

ACS# acs backup repository

3. Apply the latest patch to your ACS 5.1 which is patch number 6

4. Upgrade to 5.3.0.40

5. Apply latest patch to your ACS 5.3 which is number 8

6. Upgrade to 5.4

7. Once you have done this in one server, verify that all the services are running and working as expected, you can use the command:

ACS# show application status acs

8. Do the same in the other ACS server.

9. Finally when both servers are running the same version 5.4, you can register the servers again.

Let me know if any question remains.

Pretty clear - thank you Mauricio

hello all,

we also need to upgrade our 5.1 acs (hw) to 5.4 . i found this topic very helpful but i am only missing one piece of vital information: Can we migrate our acs 5.1 hw to acs 5.4 virtual appliance ??

can someone provide me with some tips?

thank you

Yes you can, it's same procedure. Take full backup of your ACS appliance, the VM should be the same version, 5.1

Then full restore on VM and then upgrade the VM. If you are joining to cluster then just upgrade the appliance to 5.4 and have the VM ready at 5.4. Then join them in one single domain and settings will be replicated.

Hth

Sent from Cisco Technical Support iPhone App

Dear bilal,

hi and happy new year!

thanks for your input.

I ve got 2 more questions for you (if possible):

1) can i have a hybrid cluster (hw + vm) , of course running the same version?

2) have you noticed any significant difference (either speed,overall time needed etc) when upgrading the VM version of the HW version of the ACS?

Thank you

Panay,

Yes, you can have a hybrid cluster.

Yes, VM will have lower performance with same specs.

There is an approximate 10% to 15% increase in performance, on the CSACS 1121 or 3415 appliance than the numbers shown in Table 1-6.

Performance on a virtual machine is slower than on an actual 1120  appliance because of the virtual machine overhead. Performance of a  virtual machine increases when you increase the CPU resources.

Reference:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/migration/guide/Migration_Deploy.html#wp1054828

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

Happy new year to you too!

Yes you can run with VM and hardware same time.

It depends on how you spec the VM, if you follow the specs recommended by Cisco, I think it's safely assumed you'll be fine.

I may have my upgrade plan step by step including a brand new VM build somewhere at work which I could potentially share, maybe post back next week to remind me and I'll see if I can upload.

Sent from Cisco Technical Support iPhone App