User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 1 Overview of Cisco Secure ACS
Cisco Secure ACS Specifications
System Performance Specifications
The performance capabilities of Cisco Secure ACS are largely dependent upon
the Windows server it is installed upon, your network topology and network
management, the selection of user databases, and other factors. For example,
Cisco Secure ACS can perform many more authentications per second if it is
using its internal user database and running on a 2.1-GHz Pentium IV server on a
1 GB Ethernet backbone than it can if it is using an external user database and
running on a 550-MHz Pentium III server on a 10 MB LAN.
For more information about the expected performance of Cisco Secure ACS in
your network setting, contact your Cisco sales representative. The following
items are general answers to common system performance questions. The
performance of Cisco Secure ACS in your network depends on your specific
environment and AAA requirements.
Maximum users supported by the CiscoSecure user database—There is
no theoretical limit to the number of users the CiscoSecure user database can
support. We have successfully tested Cisco Secure ACS with databases in
excess of 100,000 users. The practical limit for a single Cisco Secure ACS
authenticating against all its databases, internal and external, is 300,000 to
500,000 users. This number increases significantly if the authentication load
is spread across a number of replicated Cisco Secure ACS servers.
Transactions per second—Authentication and authorization transactions
per second is dependent on many factors, most of which are external to
Cisco Secure ACS. For example, high network latency in communication
with an external user database lowers the transactions per second that
Cisco Secure ACS can perform.
Maximum number of AAA clients supported—Cisco Secure ACS can
support AAA services for approximately 5000 AAA client configurations.
This limitation is primarily a limitation of the Cisco Secure ACS HTML
interface. Performance of the HTML interface degrades when
Cisco Secure ACS has more than approximately 5000 AAA client
configurations. However, a AAA client configuration in Cisco Secure ACS
can represent more than one physical network device, provided that the
network devices use the same AAA protocol and use the same shared secret.
If you make use of this ability, the number of actual AAA clients supported
approaches 20,000.