Migration Cisco ACS Windows Based to ACS Appliance Based

Introduction

In September 2012, the company I work for won a project at one of its customers to install a new ACS 1121 (appliance based) and, at the same time, migrate ACS 4.2 (Windows based) to the appliance-based ACS.

Let's look at them one by one.

Cisco ACS (Access Control System) is a Cisco product, an application that handles everything related to the authentication, authorization and accounting (AAA) process. Put simply, Cisco ACS is a TACACS server. For what a TACACS server is, please read other tutorials, or read RFC 1492 or the draft RFC for the TACACS protocol at the IETF.

Cisco Systems released two kinds of TACACS application: Microsoft Windows based and Linux based (appliance based).

Cisco Prime Infrastructure Bugs

The Cisco Prime Infrastructure (PI) datasheet states that PI supports some devices that comply with RFC 1213. I ran a test in a lab where PI 2.0 was installed, then tried enabling SNMP on Cisco ACS and on Windows 7. It turned out that PI detected the SNMP agent on the NE, but with unsatisfactory results. Here is the screenshot:

[Screenshot: pc-win7 v2]

Is it a bug?

ACS 5x Installation

In mid-2012, I was entrusted with a project to migrate Cisco ACS 4.2 to Cisco ACS 5.3, together with one other engineer. I was the Team Lead, and my colleague was the project member. The design was roughly:

1. ACS is deployed redundantly (cluster).

2. The TACACS user database resides on an LDAP server as an external identity store.

Out of the factory, the Cisco ACS 1121 comes with embedded ACS 5.3 already installed. However, because LDAP was required and version 5.3 did not yet support LDAP, we waited for the ACS 5.4 release (early 2013, if I am not mistaken). We then upgraded from ACS 5.3 to 5.4. Long story short, ACS 5.4 was ready.

As a reminder for myself, I tried installing ACS 5.4 from scratch. Whereas in that project I used ACS 5.3 and then upgraded to 5.4, here I use ACS 5.4 directly. I am using the virtual appliance, running on VMware. VMware itself runs on a Cisco UCS C220 M3.

OK, long story short, vSphere 5.5 is installed and I have downloaded ACS 5.4 from cisco.com. Next, open vSphere and install ACS from the downloaded ISO. The steps are:

1. Install the ISO by creating a new virtual machine in vSphere. Then power on the newly created VM and let it boot up.

[Screenshot: install acs]

2. Choose option 1 to install a new ACS. Let the ACS installation run its course.

Cisco Prime Infrastructure Installation

I am handling several projects this year, especially Cisco Prime Infrastructure (PI). PI is a Network Monitoring System (NMS) produced by Cisco Inc. PI is similar to other NMSs such as SolarWinds, Splunk, Cacti, CiscoWorks or Cisco Carrier Management.

Before PI, Cisco produced several NMS products (CiscoWorks, LMS, NCS, WCS). Cisco is now producing and developing PI to replace LMS. LMS was produced only up to version 4.2, and PI was introduced to replace it. PI comes in 3 variants: Express, Standard and Professional. There is also PI Express Custom, but it is not downloadable from cisco.com. PI Express Custom is a customized version based on PI Express.

Every variant has a different coverage, depending on the database that is created during the first installation. The RAM, HDD and CPU specifications also differ.

When deploying PI, we first need to consider several things:

1. How many devices (nodes) will be covered by PI? We can use PI Express, Standard, or Professional for a big deployment.

2. How much storage space (HDD), RAM, and CPU do we have?

3. Will it be deployed as a virtual machine (virtual appliance) or as a physical appliance?

4. Consider how many IP addresses will be used by PI and by other components. For example, if we use UCS and VMware, we need some IP addresses for vSphere management, CIMC management or UCS Manager (Fabric Interconnect, etc.).

5. Consider the SNMP community and the node IP addresses that PI can reach. My suggestion is to use the loopback IP address as the SNMP client (node/NE).

6. Prepare the hostname, NTP, domain, and DNS addresses that PI will use to access the internet and/or to upgrade when needed.