Filter
Top Products
H-3
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Appendix H Cisco Secure ACS Internal Architecture
CSAdmin
CSAdmin
CSAdmin is the service for the internal web server. Cisco Secure ACS does not
require the presence of a third-party web server; it is equipped with its own
internal server. After Cisco Secure ACS is installed, you must configure it from
its HTML interface. This means that CSAdmin must be running when you
configure Cisco Secure ACS.
Although you can start and stop services from within the Cisco Secure ACS
HTML interface, this does not include starting or stopping CSAdmin. If CSAdmin
stops abnormally because of an external action, you cannot access
Cisco Secure ACS from any machine other than the Windows NT/2000 server on
which it is running. You can start or stop CSAdmin from the Windows NT/2000
Service menu.
CSAdmin is a multithreaded application that enables several administrators to
access it at the same time. Therefore, CSAdmin is best for distributed,
multiprocessor, and clustered environments.
Note When you access CSAdmin from a browser, a new port is assigned for that
session of the browser. This increases security and helps with session
management. Therefore, when a firewall is used with authentication
forwarding, you must exclude the server IP address:2002 port.
CSAuth
CSAuth is the authentication and authorization service. Its primary purpose is the
authentication and authorization of requests to permit or deny access to users.
CSAuth determines if access should be granted and defines the privileges for a
particular user. CSAuth is the database manager.
Cisco Secure ACS can access several different databases for authentication.
When a request for authentication arrives, Cisco Secure ACS checks the database
that is configured for that user. If the user is unknown, Cisco Secure ACS checks
the database(s) configured for unknown users.