.

Data Sheet

Cisco Secure Access Control Server 4.2

Cisco

®

Secure Access Control Server (ACS) provides a comprehensive, identity-based access policy system for Cisco intelligent information networks. It is the integration and control platform for managing access policy for network resources.

Cisco Secure ACS provides central management of access policies for both network access and device administration and supports a wide range of access scenarios including wireless LAN, 802.1x wired, and remote access. Cisco Secure ACS is the leading authentication, authorization, and accounting (AAA) platform in the market and is deployed by 90 percent of the top 500 Cisco customers. Cisco Secure ACS is available as a rack-mountable, dedicated appliance—Cisco Secure ACS Solution Engine—or as software that runs on Windows platforms, Cisco Secure ACS for Windows.

Product Overview

With the ever-increasing number of methods and opportunities for accessing networks today, security breaches and uncontrolled user access are of primary concern among enterprises. While the wide deployment of wireless LANs and remote access have increased security challenges at the perimeter, security risks inside the enterprise exist as well. Identity networking technologies such as 802.1x that can mitigate both internal and external security vulnerabilities have become of prime interest to customers worldwide. Network security officers and administrators need solutions that support flexible authentication and authorization policies that are tied to the user identity as well as context such as the network access type and the security of the machine used to access the network. Further, there is a need to audit network use and monitor corporate compliance.

Cisco Secure ACS is a highly scalable, high-performance access policy system that centralizes authentication, user access, and administrator access policy and reduces the administrative and management burden. Cisco Secure

ACS is a central point for administering security policy for users and devices accessing the network. Cisco Secure

ACS supports multiple and concurrent access scenarios including:

●

Device administration: Cisco Secure ACS authenticates network administrators, authorizes commands, and provides an audit trail.

● Remote Access: Cisco Secure ACS works with VPN and other remote network access devices to enforce access policies.

●

Wireless: Cisco Secure ACS authenticates and authorizes wireless users and hosts and enforces wirelessspecific policies.

● 802.1x LAN: Cisco Secure ACS supports dynamic provisioning of VLANs and access control lists (ACLs) on a per user basis and 802.1x with port-based security.

● Network admission control: Cisco Secure ACS communicates with posture and audit servers to enforce admission control policies.

© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 3

Data Sheet

Features and Benefits

Cisco Secure ACS is a powerful access policy system with management and scalability features for the growing organization. Table 1 lists the key features and benefits of Cisco Secure ACS 4.2.

Table 1. Key Features and Benefits of Cisco Secure ACS 4.2

Feature

AAA protocols

Benefit

Cisco Secure ACS supports two distinct protocols for authentication, authorization, and accounting (AAA). Cisco Secure

ACS supports both RADIUS and TACACS+ for the concurrent support of network access and network device access control. Cisco Secure ACS is a single system for enforcing access policy.

Database options Cisco Secure ACS provides an onboard database while supporting Windows Active Directory, Lightweight Directory

Access Protocol (LDAP), and Open Database Connectivity (ODBC) for integration with existing user databases. Support for RSA SecurID Authentication Manager and RADIUS-enabled token servers allows integration with strong authentication systems. Multiple databases can be used concurrently for maximum flexibility in enforcing access policy.

Authentication protocols Cisco Secure ACS supports a wide range of authentication protocols including Password Authentication Protocol (PAP),

Challenge Handshake Authentication Protocol (CHAP), MS-CHAP, Extensible Authentication Protocol (EAP)-MD5, EAP–

Generic Token Card (GTC), Cisco LEAP, Protected EAP (PEAP), EAP–Flexible Authentication via Secure Tunneling

(FAST), and EAP–Transport Layer Security (TLS) to support all your authentication requirements.

Network access policies Cisco Secure ACS allows the configuration of complex network access policies that may include authentication protocol requirements, device restrictions, time of day restrictions, posture validation, and other access requirements. Cisco

Secure ACS may apply downloadable access control lists (dACLs), VLAN assignments, and other authorization parameters.

Centralized configuration management

Cisco Secure ACS replication allows administrator-defined configuration items to be replicated across ACS servers in the network, providing both flexibility and ease of administration for large networks. Provisioning is facilitated through a secure, web-based GUI, command-line interface (CLI), and relational database management system (RDBMS) synchronization to allow Cisco Secure ACS to fit in your workflow.

Logging Cisco Secure ACS logs are viewable and exportable for use in other systems. Cisco Secure ACS logs support troubleshooting and diagnostics, compliance and auditing, and other reporting and billing activities.

Platform options Cisco Secure ACS is available as a closed and hardened appliance or as Windows Server software for customers with existing practices for server/OS management. Cisco Secure ACS for Windows may be used with VMWare ESX Server for customers deploying virtual servers.

System Requirements

Cisco Secure ACS is available as Cisco Secure ACS for Windows and as the Cisco Secure ACS Solution Engine—a one-rack-unit (1RU), security-hardened appliance with a preinstalled Cisco Secure ACS license. Table 2 lists the specifications of Cisco Secure ACS Solution Engine 4.2.

Table 2. Cisco Secure ACS Solution Engine 4.2 Specifications

Component

CPU

System memory

Hard disk drive

Media

I/O ports

Physical dimensions (1RU)

Rated input power

Specifications

3.4 GHz Intel Pentium 4, 800 MHz FSB, 2 MB cache

1GB

160 GB SATA

CD/DVD combo

RS232 Serial Port, 3 USB 2.0 (1 front, 2 rear)

● 429 (W) x 508 (D) x 42 (H) mm

● 16.9 (W) x 20 (D) x 1.67 (H) in.

345W

Table 3. Minimum Server Specifications for Cisco Secure ACS 4.2 for Windows

Specification

Processor speed

Memory

Virtual memory

Hard drive

Minimum Requirement

Pentium IV processor, 1.8 GHz or faster

Minimum 1 GB RAM

Minimum 1 GB

At least 1 GB of free hard drive space

© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 2 of 3

Printed in USA

Data Sheet

Specification

Operating system

Resolution

Minimum Requirement

● Windows Server 2008, Enterprise Edition or Standard Edition (English Version only)

● Windows Server 2003 Service Pack 1, Enterprise Edition or Standard Edition (English Version only)

● Japanese Windows Server 2003, Service Pack 1

● Windows Server 2003, R2, Standard Edition

● Windows Server 2003, Service Pack 2

● Windows Server 2003, R2, Service Pack 2

Minimum of 800 x 600 (256 colors)

Ordering Information

Cisco Secure ACS products are available for purchase through regular Cisco sales and distribution channels worldwide. Please refer to the Cisco Secure ACS 4.2 product bulletins for Cisco Secure ACS product numbers at http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_bulletins_list.html

.

To place an order, visit the Cisco Ordering Home Page .

Service and Support

Cisco offers a wide range of services programs to accelerate customer success. These innovative programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services .

For More Information

For more information about Cisco Secure ACS products please visit http://www.cisco.com/go/acs or emali the product marketing team at [email protected]

For questions about product ordering and availability and for support contract information, please contact your local account representative.

© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

C78-453387-02 07/09

Page 3 of 3