Replication frequency, Important implementation considerations, Important – Cisco 3.3 User Manual
Page 335
9-7
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 9 System Configuration: Advanced
CiscoSecure Database Replication
Replication Frequency
The frequency with which your Cisco Secure ACSes replicate can have important
implications for overall AAA performance. With shorter replication frequencies,
a secondary Cisco Secure ACS is more up-to-date with the primary Cisco Secure
ACS. This allows for a more current secondary Cisco Secure ACS if the primary
Cisco Secure ACS fails.
There is a cost to having frequent replications. The more frequent the replication,
the higher the load on a multi-Cisco Secure ACS architecture and on your network
environment. If you schedule frequent replication, network traffic is much higher.
Also, processing load on the replicating systems is increased. Replication
consumes system resources and briefly interrupts authentication; thus the more
often replication is repeated, the greater the impact on the AAA performance of
the Cisco Secure ACS.
Note
Regardless of how frequently replication is scheduled to occur, it only occurs
when the database of the primary Cisco Secure ACS has changed since the last
successful replication.
This issue is more apparent with databases that are large or that frequently change.
Database replication is a non-incremental, destructive backup. In other words, it
completely replaces the database and configuration on the secondary
Cisco Secure ACS every time it runs. Therefore, a large database results in
substantial amounts of data being transferred, and the processing overhead can
also be large.
Important Implementation Considerations
You should consider several important points when you implement the
CiscoSecure Database Replication feature:
•
Cisco Secure ACS only supports database replication to other Cisco Secure
ACSes. All Cisco Secure ACSes participating in CiscoSecure database
replication must run the same version of Cisco Secure ACS. We strongly
recommend that Cisco Secure ACSes involved in replication use the same
patch level, too.
•
You must ensure correct configuration of the AAA Servers table in all
Cisco Secure ACSes involved in replication.