2-17
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter2 Deploying Cisco Secure ACS Basic Deployment Factors for Cisco SecureACS
Conversely, if a general user attempts to use their remote access to log in to a
network device, Cisco Secure ACS checks and approves the user’s username and
password, but the authorization process would fail because that user would not
have credentials that allow shell/exec access to the device.
DatabaseAside from topological considerations, the database is one of the most influential
factors involved in making deployment decisions for CiscoSecure ACS. The size
of the user base, distribution of users throughout the network, access
requirements, and type of database employed all contribute to how
Cisco Secure ACS is used.
Number of Users
Cisco Secure ACS is designed for the enterprise environment, comfortably
handling 100,000 users. This is usually more than adequate for a corporation. In
an environment that exceeds these numbers, the user base would typically be
geographically dispersed, which lends itself to the use of more than one
Cisco Secure ACS configuration. A WAN failure could render a local network
inaccessible because of the loss of the authentication server. In addition to this
issue, reducing the number of users that a single Cisco Secure ACS handles
improves performance by lowering the number of logins occurring at any given
time and by reducing the load on the database itself.
Type of Database
Cisco Secure ACS supports a number of database options. Under the current
version, the options include using the CiscoSecure user database or using remote
authentication via any of the external databases supported. For more information
about database options, types, and features, see the “Authentication and User
Databases” section on page 1-8, or Chapter 11, “Working with User Databases,”
or Chapter 12, “Administering External User Databases.” Each database option
has its own advantages and limitations in scalability and performance.