2-7
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter2 Deploying Cisco Secure ACS Basic Deployment Factors for Cisco SecureACS
Figure 2-2 Large Dial-up Network
In a very large, geographically dispersed network, see Figure2-3 on page 2-8,
there may be access servers located in different parts of a city, in different cities,
or in different continents. A central CiscoSecure ACS may work if network
latency is not an issue, but connection reliability over long distances may cause
problems. In this case, local Cisco Secure ACS installations may be preferable to
a central server. If the need for a globally coherent user database is paramount,
database replication or synchronization from a central server may be necessary.
This may be further complicated by the use of external databases (such as
Windows NT/2000 or the Lightweight Directory Access Protocol [LDAP]) for
authentication. Additional security measures may be required to protect the
network and user information being forwarded across the WAN. This combines
topology and security factors. Such a case calls for adding an encrypted
connection between regions.
63487
Cisco AS5300's
Macintosh server
Novell server
UNIX server
Windows NT server
Cisco Secure
Access Control
Server
Cisco AS5300