Chapter 2 Deploying Cisco Secure ACS
Suggested Deployment Sequence
2-20
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
mechanisms. For information about the types of databases Cisco Secure ACS
supports and instructions for establishing them, see
Chapter 11, “Working
with User Databases.”
Along with the decision to implement an external user database (or
databases), you should have detailed plans that specify your requirements for
Cisco Secure ACS database replication, backup, and synchronization. These
aspects of configuring CiscoSecure user database management are detailed in
Chapter 8, “Establishing Cisco Secure ACS System Configuration.”
•
Configure Shared Profile Components—With most aspects of network
configuration already established and before configuring user groups, you
should configure your Shared Profile Components. When you set up and
name the network access restrictions and command authorization sets you
intend to employ, you lay out an efficient basis for specifying user group and
single user access privileges. For more information about Shared Profile
Components, see
Chapter 5, “Setting Up and Managing Shared Profile
Components.”
•
Configure Groups—Having previously configured any external user
databases you intend to employ, and before configuring your user groups, you
should decide how to implement two other Cisco Secure ACS features
related to external user databases: unknown user processing and database
group mapping. For more information, see
Unknown User Processing,
page 12-1
, and
Database Group Mappings, page 12-11
. Then, you can
configure your user groups with a complete plan of how Cisco Secure ACS
is to implement authorization and authentication. For more information, see
Chapter 6, “Setting Up and Managing User Groups.”
•
Configure Users—With groups established, you can establish user accounts.
It is useful to remember that a particular user can belong to only one user
group, and that settings made at the user level override settings made at the
group level. For more information, see
Chapter 7, “Setting Up and Managing
User Accounts.”
•
Configure Reports—Using the Reports and Activities section of the
Cisco Secure ACS HTML interface, you can specify the nature and scope of
logging that Cisco Secure ACS performs. For more information, see
Chapter 9, “Working with Logging and Reports.”