
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 4 Setting Up and Managing Network Configuration
About Distributed Systems
Cisco Secure ACS can be used in a distributed system; that is, multiple
Cisco Secure ACS servers and authentication, authorization, and accounting
(AAA) servers can be configured to communicate with one another as primary,
backup, client, or peer systems. This enables you to use powerful features such as
the following:
• Proxy
• Fallback on failed connection
• CiscoSecure database replication
• Remote and centralized logging
AAA Servers in Distributed Systems
“AAA server” is the generic term for an access control server (ACS), and the two
terms are often used interchangeably. AAA servers are used to determine who can
access the network and what services are authorized for each user. The
AAA server stores a profile containing authentication and authorization
information for each user. Authentication information validates user identity, and
authorization information determines what network services a user is permitted to
use. A single AAA server can provide concurrent AAA services to many dial-up
access servers, routers, and firewalls. Each network device can be configured to
communicate with a AAA server. This makes it possible to centrally control
dial-up access, and to secure network devices from unauthorized access.
These types of access control have unique authentication and authorization
requirements. With Cisco Secure ACS, system administrators can use a variety of
authentication methods that are used with different degrees of authorization
privileges.
Completing the AAA functionality, Cisco Secure ACS serves as a central
repository for accounting information. Each user session granted by
Cisco Secure ACS can be fully accounted for, and its accounting information can
be stored in the server. This accounting information can be used for billing,
capacity planning, and security audits.