Cisco Systems 3.3 Server User Manual


 
Chapter 2 Deployment Considerations
Basic Deployment Factors for Cisco Secure ACS
2-18
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Conversely, if a general user attempts to use his or her remote access to log in to
a network device, Cisco Secure ACS checks and approves the username and
password, but the authorization process would fail because that user would not
have credentials that allow shell or exec access to the device.
Database
Aside from topological considerations, the user database is one of the most
influential factors involved in making deployment decisions for Cisco Secure
ACS. The size of the user base, distribution of users throughout the network,
access requirements, and type of user database contribute to how Cisco Secure
ACS is deployed.
Number of Users
Cisco Secure ACS is designed for the enterprise environment, comfortably
handling 100,000 users. This is usually more than adequate for a corporation. In
an environment that exceeds these numbers, the user base would typically be
geographically dispersed, which lends itself to the use of more than one
Cisco Secure ACS configuration. A WAN failure could render a local network
inaccessible because of the loss of the authentication server. In addition to this
issue, reducing the number of users that a single Cisco Secure ACS handles
improves performance by lowering the number of logins occurring at any given
time and by reducing the load on the database itself.
Type of Database
Cisco Secure ACS supports several database options, including the CiscoSecure
user database or using remote authentication with any of the external databases
supported. For more information about database options, types, and features, see
Authentication and User Databases, page 1-10, Chapter 13, “User Databases”, or
Chapter 16, “User Group Mapping and Specification”. Each database option has
its own advantages and limitations in scalability and performance.