Chapter1 Overview of Cisco Secure ACS
AAA Server Functions and Concepts
1-20
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Network Device GroupsWith a network device group (NDG), you can view and administer a collection of
AAA clients and AAA servers as a single logical group. To simplify
administration, you can assign each group a convenient name that can be used to
refer to all devices within that group. This creates two levels of network devices
within Cisco Secure ACS—discrete devices such as an individual router, access
server, AAA server, or PIXFirewall, and NDGs, which are named collection of
AAA clients and AAA servers.
A network device can belong to only one NDG at a time.
Using NDGs enables an organization with a large number of AAA clients spread
across a large geographical area to logically organize its environment within
Cisco Secure ACS to reflect the physical setup. For example, all routers in Europe
could belong to a group named Europe; all routers in the United States could
belong to a US group; and so on. This would be especially convenient if each
region’s AAA clients were administered along the same divisions. Alternatively,
the environment could be organized by some other attribute such as divisions,
departments, business functions, and so on.
You can assign a group of users to an NDG. For more information on NDGs, see
the “Network Device Group Configuration” section on page4-20.
Other Administration-Related FeaturesIn addition to the administration-related features discussed in this section, the
following features are provided by Cisco Secure ACS:
•Ability to define different privileges per administrator (see the
“Administrator Accounts” section on page 10-1)
•Ability to log administrator activities (see the “Administration Audit Log”
section on page 9-17)
•Ability to view a list of logged-in users (see the “Logged-In Users Report”
section on page 9-11)
•CSMonitor service, providing monitoring, notification, logging, and limited
automated failure response (see the “Cisco Secure ACS Active Service
Management” section on page 8-48)