Cisco Secure Control Access System 5.8



Similar documents
Cisco Secure Access Control System 5.5

Cisco Secure Network Server

Cisco Secure Access Control Server 4.2 for Windows

Cisco Identity Services Engine

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

Cisco MCS 7825-H3 Unified Communications Manager Appliance

Cisco 7816-I5 Media Convergence Server

HP Intelligent Management Center User Access Management Software

Cisco UCS B440 M2 High-Performance Blade Server

Cisco MCS 7825-H2 Unified CallManager Appliance

QuickSpecs. HP PCM Plus v4 Network Management Software Series (Retired) Key features

Cisco UCS Central Software

Cisco MCS 7845-I2 Unified Communications Manager Appliance

How To Use Cisco Identity Based Networking Services (Ibns)

Ignify ecommerce. Item Requirements Notes

Cisco MCS 7816-I3 Unified Communications Manager Appliance

Power Redundancy. I/O Connectivity Blade Compatibility KVM Support

Kaseya IT Automation Framework

Cisco UCS C24 M3 Server

How To Use The Cisco Aironet 1240G Series For A Wireless Network (Wired) And For A Wired Network (Wireless)

Cisco Expressway Series

How To Build A Cisco Ukcsob420 M3 Blade Server

HP E-PCM Plus Network Management Software Series

DS SERIES SOLUTIONS ALL AT ONCE

msuite5 & mdesign Installation Prerequisites

Hardware & Software Specification i2itracks/popiq

Cisco Wide Area Virtualization Engine

Cisco UCS B-Series M2 Blade Servers

How To Set Up A Firewall Enterprise, Multi Firewall Edition And Virtual Firewall

Cisco Unified Computing System Hardware

Servers, Clients. Displaying max. 60 cameras at the same time Recording max. 80 cameras Server-side VCA Desktop or rackmount form factor

ROSA Server MKVI. A Complete, Powerful Solution

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

Symantec NetBackup 5220

Symantec NetBackup 5000 Appliance Series

Cisco TelePresence Conductor

ClearPass Policy Manager

HP PCM Plus v4 Network Management Software Series

Cisco 3300 Series Mobility Services Engine

Cisco NAC Appliance Hardware Platforms

Chapter 5 Cubix XP4 Blade Server

ARUBA CLEARPASS POLICY MANAGER

Alliance Key Manager Solution Brief

Cisco NetFlow Generation Appliance (NGA) 3140

Cisco Aironet 1130G Series IEEE g Access Point

CC2000. Control Center Over the NET Management Software

Tipos de Máquinas. 1. Overview x3550 M2. Features X550M2

Security. AAA Identity Management. Premdeep Banga, CCIE # Cisco Press. Vivek Santuka, CCIE # Brandon J. Carroll, CCIE #23837

Models HP IMC Smart Connect Edition Virtual Appliance Software E-LTU

Cisco Virtual Network Management Center

HP Intelligent Management Center Standard Software Platform

Merge CADstream. For IT Professionals. Merge CADstream,

Cisco-EMC Microsoft SQL Server Fast Track Warehouse 3.0 Enterprise Reference Configurations. Data Sheet

A Smart Investment for Flexible, Modular and Scalable Blade Architecture Designed for High-Performance Computing.

FUJITSU Enterprise Product & Solution Facts

XenData Product Brief: SX-250 Archive Server for LTO

CloudBridge. Deliver the mobile workspace effectively and efficiently over any network. CloudBridge features

Application Server V240 Platform

Cisco UCS C220 M3 Server

Cisco Unified Computing System and EMC VNXe3300 Unified Storage System

Interface Adapters PS/2 Interface Adapter 1 pack B21 PS/2 Interface Adapter 8 pack B21 USB Interface Adapter 1 pack B21

NCP Secure Enterprise Management Next Generation Network Access Technology

Veeam Cloud Connect. Version 8.0. Administrator Guide

Minimum Hardware Specifications Upgrades

IBM TotalStorage Network Attached Storage 100

Cisco WAE Deployed with Cisco ACNS: Product Function Matrix. Two 10/100/1000BASE-T. Two 10/100/1000BASE- T

HP PCM Plus v3 Network Management Software Series Overview

firemon Powering Proactive Security Appliance Features: Meet the Family Quick initial setup Hardened O/S

QuickSpecs. HP 200 G1 Microtower Business PC. HP 200 G1 Microtower Business PC. Overview

NEC EXPRESS5800/R320c-E4 Configuration Guide

VMware Workspace Portal Reference Architecture

Boost Database Performance with the Cisco UCS Storage Accelerator

Cisco TrustSec How-To Guide: Planning and Predeployment Checklists

The most advanced policy management platform available

HP Intelligent Management Center Enterprise Software Platform

Introduction to VMware EVO: RAIL. White Paper

Identikey Server Performance and Deployment Guide 3.1

Cisco Small Business Smart Storage Solutions

Cisco SmartPlay Select. Cisco Global Data Center Promotional Program

New Lenovo IdeaCentre A600 systems with Intel processor technology deliver high-performance computing at a competitive price

Terms of Reference Microsoft Exchange and Domain Controller/ AD implementation

Terminal Server Software and Hardware Requirements. Terminal Server. Software and Hardware Requirements. Datacolor Match Pigment Datacolor Tools

DS Series Solutions Integrated Solutions for Secure, Centralized Data Center Management

GV-Hot Swap Backup Center System (Rev. B) 3U, 16 / 8-Bay

DCS Data and communication server

Cisco NetFlow Generation Appliance 3240

What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4

HP Intelligent Management Center Standard Software Platform

RSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2

Cisco Network Planning Solution 2.0 Cisco Network Planning Solution Service Provider 2.0

XenData Product Brief: SX-550 Series Servers for LTO Archives

Installing an OS on a Server

How To Encrypt Data On A Network With Cisco Storage Media Encryption (Sme) For Disk And Tape (Smine)

CiscoWorks Resource Manager Essentials 4.3

XenData Product Brief: SX-520 Series Servers for Sony Optical Disc Archives

Cisco Prime Optical. Overview

Part-1: SERVER AND PC

Cisco UCS E-Series Servers and Network Compute Engines

How To Configure Your Computer With A Microsoft X86 V3.2 (X86) And X86 (Xo) (Xos) (Powerbook) (For Microsoft) (Microsoft) And Zilog (X

Transcription:

Data Sheet Cisco Secure Control Access System 5.8 Cisco Secure Access Control System ties together an enterprise s network access policy and identity strategy. It is the world s most trusted policy-based platform for enterprise access and network device administration control, deployed by about 80 percent of Fortune 500 companies. Product Overview Secure Access Control System, a core component of the Cisco TrustSec solution, is a highly sophisticated policy platform providing RADIUS and TACACS+ services. It supports the increasingly complex policies needed to meet today's demands for access control management and compliance. It manages access policies for device administration and for wireless, wired IEEE 802.1X, and remote (VPN) network access scenarios. Figure 1 shows the Cisco Secure Network Server 3495 appliance, based on the Cisco UCS C220 M3 Rack Server platform. Release 5.8 of the Secure Access Control System software can run on the Secure Network Server 3495 and 3415 appliances as well as on existing Secure Access Control 1121 appliances, which have reached their end-of-sale dates. Figure 1. Secure Network Server 3415 Appliance for Secure Access Control System 5.8 Organizations rely on enterprise networks to perform daily job routines. With the increasing number of methods available to access those networks, security breaches and uncontrolled user access are primary concerns. Network security officers and administrators need solutions that support flexible authentication and authorization policies that are tied not only to a user s identity but also to context such as the network access type, time of day the access is requested, and the security of the machine used to access the network. Further, there is a stronger need to effectively audit the use of network devices, monitor the activities of device administrators for corporate compliance, and provide broader visibility and control over device-access policies across the network. Secure Access Control System is a highly scalable, high-performance access policy system that centralizes device administration, authentication, and user-access policy while reducing the management and support burden for these functions. Features and Benefits Secure Access Control System 5.8 serves as a policy administration point (PAP) and policy decision point (PDP) for policy-based network device-access control, offering a large set of identity management capabilities, including: Unique, flexible, and detailed device administration in IPv4 and IPv6 networks, with full auditing and reporting capabilities as required for standards compliance A powerful, attribute-guided and rules-based policy model that flexibly addresses complex policy needs 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 5

A lightweight, web-based GUI with intuitive navigation and workflow accessible from both IPv4 and IPv6 clients Integrated advanced monitoring, reporting, and troubleshooting capabilities for excellent control and visibility Integration with external identity and policy databases, including Microsoft Active Directory and Lightweight Directory Access Protocol (LDAP)-accessible databases, simplifying policy configuration and maintenance A distributed deployment model that supports large-scale deployments and provides a highly available solution The rules-based policy model supports the application of different authorization rules under different conditions. Thus, policy is contextual and not limited to authorization determined by a single group membership. Information in external databases can be directly referenced in access policy rules. Attributes can be used both in policy conditions and in authorization rules. Secure Access Control System 5.8 features the centralized collection and reporting of activity and system health information for full manageability of distributed deployments. It supports proactive operations such as monitoring and diagnostics, and reactive operations such as reporting and troubleshooting. Advanced features include a deployment-wide session monitor, threshold-based notifications, entitlement reports, and diagnostic tools. Table 1 lists the solution s main features and benefits. Table 1. Main Features and Benefits Feature Complete access control and confidentiality solution Authentication, authorization, and accounting (AAA) protocols Database options Authentication protocols Access policies Centralized management Support for high availability in larger deployments Benefit The solution can be deployed with other Cisco TrustSec components, including policy components, infrastructure enforcement components, endpoint components, and professional services. Two distinct AAA protocols are supported: RADIUS for network access control and TACACS+ for network device access control. Secure Access Control System is a single system for enforcing access policy across the network as well as network device configuration and change management as required for standards compliance such as Payment Card Industry (PCI) compliance. It supports AAA features for TACACS+-based device administration on both IPv4 and IPv6 networks. Secure Access Control System 5.8 supports an integrated user repository in addition to integration with existing external identity repositories such as Microsoft Active Directory servers, LDAP servers, and RSA token servers. You can use multiple LDAP servers for a Secure Access Control System cluster and primary and backup LDAP servers for Secure Access Control System nodes (instances). In addition, each instance can be connected to a different Microsoft Active Directory domain. You can define multivalue attributes for Active Directory and LDAP servers, use Boolean Active Directory values, and enter substitutions for Active Directory IPv4 address attributes. Multiple databases can be used concurrently for exceptional flexibility in enforcing access policy with identity store sequences. You also can add Secure Access Control System administrators stored in external Active Directory and LDAP databases and authenticate them using those identity stores. A wide range of authentication protocols are supported, including PAP, MS-CHAP, Extensible Authentication Protocol (EAP)-MD5, Protected EAP (PEAP), EAP-Flexible Authentication through Secure Tunneling (FAST), EAP- Transport Layer Security (TLS), and PEAP-TLS. The solution also supports TACACS+ authentication with CHAP and MSCHAP protocols and PAP-based password change when using TACACS+ and EAP-GTC with LDAP servers. The rules-based, attribute-guided policy model provides greatly increased power and flexibility for access control policies, which can include authentication protocol requirements, device restrictions, time-of-day restrictions, and other access requirements. Secure Access Control System can apply downloadable access control lists (dacls), VLAN assignments, and other authorization parameters. Furthermore, it allows a comparison between the values of any two attributes that are available to Secure Access Control System to be used in identity, group-mapping, and authorization policy rules. The lightweight, web-based GUI is easy to use. An efficient, incremental replication scheme quickly propagates changes from primary to secondary systems, providing centralized control over distributed deployments. Software upgrades are also managed through the GUI and can be distributed by the primary system to secondary instances. Secure Access Control System 5.8 supports up to 22 instances in a single cluster: 1 primary and 21 secondary. One of these instances can function as a hot (active) standby system, which can be manually promoted to the primary system in the event that the original primary system fails. 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 5

Feature Programmatic interface Monitoring, reporting, and troubleshooting Proxy services Benefit A programmatic interface is used for create, read, update, and delete operations on users and identity groups, network devices, and hosts (endpoints) within the internal database. The list of administrators and their roles can be exported through the same web services API. An integrated monitoring, reporting, and troubleshooting component is accessible through the web-based GUI. This tool provides excellent visibility into configured policies and authentication and authorization activities across the network. Logs are viewable and exportable for use in other systems as well. The solution can function as a RADIUS or TACACS+ proxy for an external AAA server. It forwards incoming AAA requests from a network access device (NAD) to the external server and forwards responses from that server back to the NAD initiating such requests. It can also add and overwrite RADIUS attributes in proxied AAA requests sent to the external AAA server as well as those in the responses sent back from the external AAA server. FIPS 140-2 Level 1 Secure Access Control System 5.8 is compliant with Federal Information Processing Standard (FIPS) 140-2 Level 1. The solution s embedded FIPS 140-2 Level 1 implementation uses validated Cisco Common Cryptographic Module (C3M) and Network Security Services (NSS) modules, adhering to FIPS 140-2 Implementation Guidance section G.5 guidelines. The key size of Certificate Authority certificates and server certificates that are used in Secure Access Control System should be at least 2048 bits. The key size of client certificates should be at least 1024 bits. Release 5.8 is available as a closed and hardened Linux-based Cisco SNS 3415 or 3495 appliance or as a software operating system image for VMware ESX or ESXi 5.1,5.5 and 6.0. It is also supported on the older Secure Access Control System 1121 appliance, which has reached its end-of-sale date. Release 5.8 adds the following new features on top of the features available in Release 5.7: PowerBroker Identity Services (PBIS) library support for Active Directory integration Capability to authenticate administrators against RSA identity and RADIUS SecurID servers Capability to export policies from the web interface Capability to change internal user passwords using representational state transfer (REST) API Internal administrator password hashing FIPS 140-2 Level 1 compliance System Requirements Secure Access Control System 5.8 is available as a one-rack-unit (1RU), security-hardened, Linux-based appliance with preinstalled system software on the Cisco SNS 3415 and 3495 appliances as well as the older Cisco 1121 for Secure Access Control System Engine appliances. It is also available as a software operating system image for installation in a virtual machine on VMware ESX and ESXi 5, 5.0 update 2, 5.1, 5.1 update 2, 5.5, 5.5 update 1, and 6.0. Table 2 and Table 3 list the system specifications for the Cisco SNS 3415 and 3495 appliances, respectively. For VMware ESXi system requirements, please see Table 4. Table 2. SNS 3415 Appliance 2.4-GHz Intel E5-2609, 80 watts (W), 4 cores, 10-MB cache, DDR3, and 1600 MHz Hard disk drive (HDD) Software RAID controller Optical storage Network connectivity I/O ports Trusted Platform Module SSL acceleration card 16 GB total: 4 x 4-GB DDR3 1600-MHz RDIMMs 600-GB 6-Gbps SAS 10,000-rpm HDD Not used by Secure Access Control System application software None 4 x 1-GB network interface card (NIC) interfaces Note: Only Ethernet0 can be used for management functions; all interfaces listen to AAA requests. Rear panel: 1 DB9 serial port, 2 USB 2.0 ports, 1 DB15 VGA port, and NIC connectors Front panel: Keyboard, video, and mouse (KVM) console connector, which supplies 2 USB ports, 1 VGA port, and 1 serial port No 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 5

Rack mount Physical dimensions (1RU) (H x W x D) Weight 4-post mount 1.7 x 16.92 x 28.5 in. (4.32 x 43.0 x 72.4 x cm) 27.1 lb (12.2 kg) Power Number of power supplies 1 Power supply size 650W universal (input voltage: 90 to 260V; 47 to 63 Hz) Environmental Operating temperature range 41 to 104 F (5 to 40 C); decrease maximum temperature by 1 C per every 1000 ft (305m) of altitude above sea level) Operating altitude 0 to 10,000 ft (0 to 3000m) Table 3. SNS 3495 Appliance 2 x 2.4-GHz Intel E5-2609, 80W, 4 cores, 10-MB cache, DDR3, and 1600 MHz Hard disk drive 32 GB total: 8 x 4-GB DDR3 1600-MHz RDIMMs 2 x 600-GB 6-Gbps SAS 10,000-rpm HDDs Hardware RAID controller Levels 0 and 1 LSI 2008 SAS RAID mezzanine card Optical storage Network connectivity I/O ports Trusted Platform Module SSL acceleration card Rack mount Physical dimensions (1RU) (H x W x D) Weight None 4 x 1-GB NIC interfaces Note: Only Ethernet0 can be used for management functions; all interfaces listen to AAA requests. Rear panel: 1 DB9 serial port, 2 USB 2.0 ports, 1 DB15 VGA port, and NIC connectors Front panel: KVM console connector, which supplies 2 USB ports, 1 VGA port, and 1 serial port 4-post mount 1.7 x 16.92 x 28.5 in. (4. 32 x 43.0 x 72.4 cm) 27.1 lb (12.2 kg) Power Number of power supplies 2 Power supply size 650W universal (input voltage: 90 to 260V; 47 to 63 Hz) Environmental Operating temperature range 41 to 104 F (5 to 40 C); decrease maximum temperature by 1 C per every 1000 ft (305m) of altitude above sea level) Operating altitude 0 to 10,000 ft (0 to 3000m) 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 5

Table 4. VMware Requirements VMware version VMware ESX and ESXi 5.1, 5.5 and 6.0. 2 s (dual s, Intel Xeon processors, Core 2 Duo or 2 single s) 4 GB or RAM Hard disk requirements User-configurable between 60 and 750 GB (minimum of 150 GB is recommended) NIC Network NIC (1 Gbps) available for Cisco Secure ACS application use Ordering Information Cisco Secure Access Control System products are available for purchase through regular Cisco sales and distribution channels worldwide. Please refer to the Cisco Secure Access Control System 5.8 product bulletin for part numbers and ordering information. To place an order, contact your account representative or visit the Cisco Ordering homepage. Service and Support Cisco offers a wide range of service programs to accelerate customer success. These innovative programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco Services help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, see Cisco Technical Support Services. Cisco Capital Financing to Help You Achieve Your Objectives Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more. For More Information Please check the Cisco Secure Access Control System homepage at http://www.cisco.com/go/acs for the latest solution information. Printed in USA C78-735913-00 10/15 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information