Cisco Secure Access Control System 5.5

Similar documents
Cisco Secure Control Access System 5.8

Cisco Secure Access Control Server 4.2 for Windows

Cisco Secure Network Server

Cisco Secure ACS. By Igor Koudashev, Systems Engineer, Cisco Systems Australia 2006 Cisco Systems, Inc. All rights reserved.

Cisco Identity Services Engine

How To Use Cisco Identity Based Networking Services (Ibns)

Symantec NetBackup 5220

CiscoWorks Resource Manager Essentials 4.3

Servers, Clients. Displaying max. 60 cameras at the same time Recording max. 80 cameras Server-side VCA Desktop or rackmount form factor

HP Intelligent Management Center User Access Management Software

QuickSpecs. HP PCM Plus v4 Network Management Software Series (Retired) Key features

Cisco UCS Central Software

Cisco TelePresence Conductor

Cisco MCS 7825-H3 Unified Communications Manager Appliance

Cisco Application Networking Manager Version 2.0

Ignify ecommerce. Item Requirements Notes

HP PCM Plus v4 Network Management Software Series

Panorama PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls.

TimePictra Release 10.0

Cisco Expressway Series

CiscoWorks Resource Manager Essentials 4.1

HP E-PCM Plus Network Management Software Series

Cisco TrustSec How-To Guide: Planning and Predeployment Checklists

Security. AAA Identity Management. Premdeep Banga, CCIE # Cisco Press. Vivek Santuka, CCIE # Brandon J. Carroll, CCIE #23837

Cisco 7816-I5 Media Convergence Server

NCP Secure Enterprise Management Next Generation Network Access Technology

Kompetenčné centrum. Martin Jenčo V 1.0

Data Sheet. NCP Secure Enterprise Management. General description. Highlights

HP PCM Plus v3 Network Management Software Series Overview

Easy and secure application access from anywhere

ARUBA CLEARPASS POLICY MANAGER

Cisco UCS B440 M2 High-Performance Blade Server

DS Series Solutions Integrated Solutions for Secure, Centralized Data Center Management

Symantec NetBackup 5000 Appliance Series

Forcepoint Stonesoft Management Center

F5 BIG-IP V9 Local Traffic Management EE Demo Version. ITCertKeys.com

DS SERIES SOLUTIONS ALL AT ONCE

Cisco Wide Area Virtualization Engine

Cisco Prime Data Center Network Manager Release 6.1

McAfee Security. Management Client

Cisco MCS 7816-I3 Unified Communications Manager Appliance

Panorama. Panorama provides network security management beyond other central management solutions.

Models HP IMC Smart Connect Edition Virtual Appliance Software E-LTU

Cisco ASA 5585-X Next-Generation Firewall

Centralized Orchestration and Performance Monitoring

Identikey Server Performance and Deployment Guide 3.1

Cisco Home Agent Service Manager 4.1

Administration Guide NetIQ Privileged Account Manager 3.0.1

Cisco NetFlow Generation Appliance (NGA) 3140

Cisco MCS 7825-H2 Unified CallManager Appliance

Kaseya IT Automation Framework

Cisco MCS 7845-I2 Unified Communications Manager Appliance

Opengear Technical Note

Cisco 3300 Series Mobility Services Engine

Power Redundancy. I/O Connectivity Blade Compatibility KVM Support

CloudBridge. Deliver the mobile workspace effectively and efficiently over any network. CloudBridge features

Cisco M-Series Content Security Management Appliance for and Web Security Appliances

Cisco Network Planning Solution 2.0 Cisco Network Planning Solution Service Provider 2.0

Cisco TelePresence Video Communication Server Starter Pack Express Bundle

The most advanced policy management platform available

Security Information & Event Manager (SIEM)

Implementing Cisco IOS Network Security v2.0 (IINS)

firemon Powering Proactive Security Appliance Features: Meet the Family Quick initial setup Hardened O/S

Alliance Key Manager A Solution Brief for Technical Implementers

Data Communications Hardware Data Communications Storage and Backup Data Communications Servers

Cisco Virtual Network Management Center

Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks

(d-5273) CCIE Security v3.0 Written Exam Topics

HP Intelligent Management Center Standard Software Platform

ClearPass Policy Manager

Benefits. Product Overview. There is nothing more important than our customers. DATASHEET

RAD-Series RADIUS Server Version 7.1

Cisco TelePresence Management Suite

Cisco IP Solution Center MPLS VPN Management 5.0

Cisco ASA 5500 Series Adaptive Security Appliance 8.2 Software Release

Cisco IOS SSL VPN: Router-Based Remote Access for Employees and Partners

NCP Secure Enterprise Management Next Generation Network Access Technology

Introduction to VMware EVO: RAIL. White Paper

Installing and Configuring vcenter Multi-Hypervisor Manager

Cisco Secure Access Control Server Deployment Guide

Cisco NAC Appliance Hardware Platforms

Authentication. Authentication in FortiOS. Single Sign-On (SSO)

PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls.

Cisco OnPlus Service. Economical Managed Network Services

Cisco Prime Optical. Overview

Storage System. Planning Checklist. EC E1, First Edition

DEPLOYMENT GUIDE Version 1.2. Deploying F5 with Oracle E-Business Suite 12

Cisco WAE Deployed with Cisco ACNS: Product Function Matrix. Two 10/100/1000BASE-T. Two 10/100/1000BASE- T

Secret Server Qualys Integration Guide

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses

Blue Planet. Introduction. Blue Planet Components. Benefits

Cisco Unified Service Statistics Manager 8.7

Datasheet. Advanced Network Routers. Models: ERPro-8, ER-8, ERPoe-5, ERLite-3. Sophisticated Routing Features

ANNEX III BUDGET PROPOSAL AS PER LOTS LOT 1

NetScaler VPX FAQ. Table of Contents

Cisco IronPort C370 for Medium-Sized Enterprises and Satellite Offices

Sharp Remote Device Manager (SRDM) Server Software Setup Guide

NETWORK AND SECURITY MANAGER APPLIANCES (NSMXPRESS AND NSM3000)

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

How To Build A Cisco Ukcsob420 M3 Blade Server

Transcription:

Data Sheet Cisco Secure Access Control System 5.5 Cisco Secure Access Control System (ACS) ties together an enterprise s network access policy and identity strategy. Cisco Secure ACS is the world s most trusted policy-based enterprise access and network device administration control platform, deployed by about 80 percent of Fortune 500 companies. Cisco Secure ACS, a core component of the Cisco TrustSec solution, is a highly sophisticated policy platform providing RADIUS and TACACS+ services. It supports the increasingly complex policies needed to meet today's demands for access control management and compliance. Cisco Secure ACS provides central management of access policies for device administration and for wireless, wired 802.1x, and remote (VPN) network access scenarios. Figure 1 shows the Cisco SNS 3415 Secure appliance, based on the Cisco UCS C220 M3 platform. Cisco Secure ACS 5.5 software can run on the Cisco SNS 3415 and 3495 * servers as well as on the legacy 1120 and 1121 Secure ACS appliances, which have reached their end-of-sale dates. Figure 1. Cisco Secure Network Server 3415 Appliance for Secure Access Control System 5.5 Software Product Overview With the ever-increasing reliance on enterprise networks to perform daily job routines and the increasing number of methods available to access today s networks, security breaches and uncontrolled user access are primary concerns for enterprises. Network security officers and administrators need solutions that support flexible authentication and authorization policies that are tied not only to a user s identity but also to context such as the network access type, time of day the access is requested, and the security of the machine used to access the network. Further, there is a stronger need to effectively audit the use of network devices, monitor the activities of device administrators for corporate compliance, and provide broader visibility and control over device access policies across the network. Cisco Secure ACS is a highly scalable, high-performance access policy system that centralizes device administration, authentication, and user access policy while reducing the management and support burden for these functions. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 5

Features and Benefits Cisco Secure ACS 5.5 serves as a Policy Administration Point (PAP) and Policy Decision Point (PDP) for policybased network device access control, offering a large set of identity management capabilities, including: Unique, flexible, and granular device administration in IPv4 and IPv6 networks with full auditing and reporting capabilities as required for standards compliance A powerful, attribute-driven rules-based policy model that addresses complex policy needs in a flexible manner A lightweight, web-based graphical user interface (GUI) with intuitive navigation and workflow accessible from both IPv4 and IPv6 clients Integrated advanced monitoring, reporting, and troubleshooting capabilities for maximum control and visibility Integration with external identity and policy databases, including Windows Active Directory and Lightweight Directory Access Protocol (LDAP)-accessible databases, simplifying policy configuration and maintenance A distributed deployment model that enables large-scale deployments and provides a highly available solution The Cisco Secure ACS 5.5 rules-based policy model supports the application of different authorization rules under different conditions; thus, policy is contextual and not limited to authorization determined by a single group membership. New integration capabilities allow information in external databases to be directly referenced in access policy rules, and attributes can be used both in policy conditions and in authorization rules. Cisco Secure ACS 5.5 features the centralized collection and reporting of activity and system health information for full manageability of distributed deployments. It supports proactive operations such as monitoring and diagnostics, and reactive operations such as reporting and troubleshooting. Advanced features include a deployment-wide session monitor, threshold-based notifications, entitlement reports, and diagnostic tools. Table 1 lists the key features and benefits of Cisco Secure ACS 5.5. Table 1. Key Features and Benefits of Cisco Secure ACS 5.5 Feature Complete access control and confidentiality solution AAA protocols Database options Authentication protocols Benefit Cisco Secure ACS 5.5 can be deployed with other Cisco TrustSec components, including policy components, infrastructure enforcement components, endpoint components, and professional services. Cisco Secure ACS 5.5 supports two distinct protocols for authentication, authorization, and accounting (AAA): RADIUS for network access control and TACACS+ for network device access control. Cisco Secure ACS is a single system for enforcing access policy across the network as well as network device configuration and change management as required for standards compliance such as PCI compliance. Cisco Secure ACS 5.5 supports AAA features for TACACS+ based device administration on both IPv4 and IPv6 networks. Cisco Secure ACS 5.5 supports an integrated user repository in addition to integration with existing external identity repositories such as Windows Active Directory servers, LDAP servers, and RSA token servers. This capability enables the use of multiple LDAP servers for an ACS cluster and primary/backup LDAP servers per ACS node (instance); in addition, each ACS instance can be connected to a different AD domain. In ACS 5.5, it is possible to define multi-value attributes for AD and LDAP servers, use Boolean AD values, and enter substitutions for AD IPv4 address attributes. Multiple databases can be used concurrently for maximum flexibility in enforcing access policy with identity store sequences. It is possible to add ACS administrators stored in external AD and LDAP databases and authenticate them via those identity stores. Cisco Secure ACS 5.5 supports a wide range of authentication protocols, including PAP, MS-CHAP, Extensible Authentication Protocol (EAP)-MD5, Protected EAP (PEAP), EAP-Flexible Authentication via Secure Tunneling (FAST), EAP-Transport Layer Security (TLS), and PEAP-TLS. It also supports TACACS+ authentication with CHAP/MSCHAP protocols and PAP-based password change when using TACACS+ and EAP-GTC with LDAP servers. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 2 of 5

Feature Access policies Centralized management Usability enhancements Support for high availability in larger ACS deployments Programmatic interface Monitoring, reporting, and troubleshooting Security enhancements Proxy services Platform options Certifications Benefit Cisco Secure ACS 5.5 supports a rules-based, attribute-driven policy model that provides greatly increased power and flexibility for access control policies that may include authentication protocol requirements, device restrictions, time-ofday restrictions, and other access requirements. Cisco Secure ACS may apply downloadable access control lists (dacls), VLAN assignments, and other authorization parameters. Version 5.5 can also disable user accounts within the internal database based on the expiration of a user or group. Furthermore, it allows comparison between the values of any two attributes that are available to Cisco Secure ACS to be used in identity, group-mapping, and authorization policy rules. Cisco Secure ACS 5.5 supports a completely redesigned lightweight, web-based GUI that is easy to use. An efficient, incremental replication scheme quickly propagates changes from primary to secondary systems, providing centralized control over distributed deployments. Software upgrades are also managed through the GUI and can be distributed by the primary system to secondary instances. Cisco Secure ACS 5.5 adds support for the following enhancements: Import of vendor-specific attributes from comma-separated values (CSV) files Auto-refresh at user-defined intervals for pages that have a refresh button NIC bonding (a virtual IP address shared by all enabled Ethernet interfaces) Reuse of the current RSA token cached by ACS Option to allow any ACS administrator to be disabled or deleted, including a predefined acsadmin account Reinstallation of the Base license from the ACS GUI without having to reset ACS Cisco Secure ACS 5.5 supports up to 22 instances in a single ACS cluster: 1 primary and 21 secondary, one of which can work as a hot (active) standby that can be manually promoted to primary in case of primary failure. Cisco Secure ACS 5.5 supports a programmatic interface for Create/Read/Update/Delete operations on users and identity groups, network devices, and hosts (endpoints) within the internal database. It also adds the capability to export the list of ACS administrators and their roles via the same Web Services API. Cisco Secure ACS 5.5 includes an integrated monitoring, reporting, and troubleshooting component that is accessible through the web-based GUI. This tool provides maximum visibility into configured policies and authentication and authorization activities across the network. Logs are viewable and exportable for use in other systems as well. ACS 5.5 supports generating reports for longer periods of time, sending scheduled (automated) reports via email, and generating reports for policy configuration changes between two specified times, and supports secure syslogs, logs/alarms for replication failures, and SNMP traps for ACS health status. Other distributed system monitoring enhancements are added in ACS 5.5 as well. Cisco Secure ACS 5.5 adds code to prevent ACS administrator management spoofing, supports an option to secure the ACS backup with a custom password provided by the ACS administrator, and supports downloading CRLs over HTTPS in addition to HTTP. Cisco Secure ACS 5.5 can function as a RADIUS or TACACS+ proxy for an external AAA server by forwarding incoming AAA requests from a network access device (NAD) to the external server and forwarding responses from that server back to the NAD initiating such requests. ACS 5.5 also adds the capability to add and/or overwrite RADIUS attributes within proxied AAA requests sent to the external AAA server as well as within the responses sent from the external AAA server. Cisco Secure ACS 5.5 is available as a closed and hardened Linux-based SNS 3415/3495 * appliance or as a software operating system image for VMware ESX/ESXi 5.0/5.1. It is also supported on the legacy 1120 and 1121 Secure ACS appliances, which have reached their end-of-sale dates. Version 5.5 will be certified for FIPS 140-2 Level 1 as required by U.S. federal customers. * The SNS 3495 platform with ACS 5.5 software is scheduled to be available in December 2013. System Requirements Cisco Secure ACS 5.5 is available as a one-rack-unit (1 RU), security-hardened, Linux-based appliance with preinstalled Cisco Secure ACS software on the Cisco SNS 3415 and 3495 * appliances as well as the legacy Cisco 1120 and 1121 Secure ACS appliances. It is also available as a software operating system image for installation in a virtual machine on VMware ESX/ESXi 5.0/5.1. Table 2 and Table 3 list the system specifications for the Cisco SNS 3415 and 3495 appliances, respectively. For VMware ESX system requirements, please review Table 4. 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 3 of 5

Table 2. Cisco SNS 3415 Appliance 2.4 GHz Intel Sandy Bridge E5-2609/80W 4C/10MB Cache/DDR3-1600-MHz Hard disk drive Software RAID controller Optical storage Network connectivity I/O ports Trusted Platform Module SSL acceleration card Rack-mounting Physical dimensions (1 RU) (H x W x D) Weight 16 GB total - 4 x 4 GB DDR3-1600-MHz RDIMM 600 GB 6 Gbps SAS 10K RPM HDD Not used by ACS application software None 4 x 1GB NIC interfaces Note: Only Ethernet0 can be used for management functions; all interfaces listen to AAA requests. Rear panel: 1 DB9 serial port, 2 USB 2.0 ports, 1 DB15 VGA port, and NIC connectors Front panel: KVM console connector, which supplies 2 USB, 1 VGA, and 1 serial port No 4-post 1.7 x 16.92 x 28.5 in 4.32 x 43.0 x 72.4 x cm 27.1 lb (12.2 kg) Power Number of power supplies 1 Power supply size 650W universal (input voltage: 90-260 V; 47-63 Hz) Environmental Operating temperature range 41 to 104 F; 5 to 40 C (decrease max temperature by 1 C per every 305 m/1000 ft of altitude above sea leve l) Operating altitude 0 to 3000 m (0 to 10,000 ft) Table 3. Cisco SNS 3495 Appliance * Hard disk drive 2 x 2.4 GHz Intel Sandy Bridge E5-2609/80W 4C/10MB Cache/DDR3-1600-MHz 32 GB total - 8 x 4 GB DDR3-1600-MHz RDIMM 2 x 600 GB 6 Gbps SAS 10K RPM HDD Hardware RAID controller Level 0 & 1 LSI 2008 SAS RAID mezzanine card Optical storage Network connectivity I/O ports Trusted Platform Module SSL acceleration card Rack-mounting Physical dimensions (1 RU) (H x W x D) Weight None 4 x 1GB NIC interfaces Note: Only Ethernet0 can be used for management functions; all interfaces listen to AAA requests Rear panel: 1 DB9 serial port, 2 USB 2.0 ports, 1 DB15 VGA port, and NIC connectors Front panel: KVM console connector, which supplies 2 USB, 1 VGA, and 1 serial port 4-post 1.7 x 16.92 x 28.5 in 4. 32 x 43.0 x 72.4 cm 27.1 lb (12.2 kg) 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 4 of 5

Power Number of power supplies 2 Power supply size 650W universal (input voltage: 90-260 V; 47-63 Hz) Environmental Operating temperature range 41 to 104 F; 5 to 40 C (decrease max temperature by 1 C per every 305 m/1000 ft of altitude above sea le vel) Operating altitude 0 to 3000 m (0 to 10,000 ft) * SNS 3495 platform with ACS 5.5 software is scheduled to be available in December 2013. Table 4. Cisco Secure ACS 5.5 VMware Requirements VMware version ESX/ESXi 5.0 and 5.1 2 s (dual, Xeon, Core2 Duo, or 2 single s) 4 GB RAM Hard disk requirement User-configurable between 60 GB and 750 GB (minimum 150 GB is recommended) NIC Network NIC (1 Gbps) available for ACS application use Ordering Information Cisco Secure ACS products are available for purchase through regular Cisco sales and distribution channels worldwide. Please refer to the Cisco Secure ACS 5.5 product bulletin for Cisco Secure ACS 5.5 product numbers and ordering information. To place an order, contact your account representative or visit the Cisco Ordering homepage. Service and Support Cisco offers a wide range of service programs to accelerate customer success. These innovative programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco services help you to protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco services, see Cisco Technical Support Services. For More Information Please check the Cisco Secure ACS homepage at http://www.cisco.com/go/acs for the latest information about Cisco Secure ACS. Printed in USA C78-729604-00 10/13 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 5 of 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information