Chapter 2 Deployment Considerations
Basic Deployment Factors for Cisco Secure ACS
2-6
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Basic Deployment Factors for Cisco Secure ACS
Generally, the ease in deploying Cisco Secure ACS is directly related to the
complexity of the implementation planned and the degree to which you have
defined your policies and requirements. This section presents some basic factors
you should consider before you begin implementing Cisco Secure ACS.
This section contains the following topics:
• Network Topology, page 2-6
• Remote Access Policy, page 2-14
• Security Policy, page 2-15
• Administrative Access Policy, page 2-15
• Database, page 2-18
• Network Latency and Reliability, page 2-19
Network Topology
How your enterprise network is configured is likely to be the most important
factor in deploying Cisco Secure ACS. While an exhaustive treatment of this topic
is beyond the scope of this guide, this section details how the growth of network
topology options has made Cisco Secure ACS deployment decisions more
complex.
When AAA was created, network access was restricted to either devices directly
connected to the LAN or remote devices gaining access via modem. Today,
enterprise networks can be complex and, because of tunneling technologies, can
be widely geographically dispersed.
Dial-Up Topology
In the traditional model of dial-up access (a PPP connection), a user employing a
modem or ISDN connection is granted access to an intranet via a network access
server (NAS) functioning as a AAA client. Users may be able to connect via only
a single AAA client as in a small business, or have the option of numerous
geographically dispersed AAA clients.