2-7
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 2 Deploying Cisco Secure ACS
Basic Deployment Factors for Cisco Secure ACS
Figure 2-2
Large Dial-up Network
In a very large, geographically dispersed network (
Figure 2-3
), there may be
access servers located in different parts of a city, in different cities, or on different
continents. If network latency is not an issue, a central Cisco Secure ACS may
work but connection reliability over long distances may cause problems. In this
case, local Cisco Secure ACSes may be preferable to a central Cisco Secure ACS.
If the need for a globally coherent user database is most important, database
replication or synchronization from a central Cisco Secure ACS may be
necessary. Authentication using external databases, such as Windows NT/2000 or
the Lightweight Directory Access Protocol (LDAP), can further complicate the
deployment of distributed, localized Cisco Secure ACSes. While
Cisco Secure ACS uses encryption for all replication and database
synchronization traffic, additional security measures may be required to protect
the network and user information that Cisco Secure ACS sends across the WAN.
63487
Cisco AS5300's
Macintosh server
Novell server
UNIX server
Windows NT server
Cisco Secure
Access Control
Server
Cisco AS5300