How an enterprise network is configured is probably the most
important factor in deciding how and where to deploy Cisco Secure ACS. The
decision of how to deploy Cisco Secure ACS may vary widely depending on the
network topology into which it is to be deployed.
Small LAN Environment
In the small LAN environment, a single Cisco Secure ACS
would usually be located close to the switch. In this environment, the user
database is usually small because few switches would require access to the
Cisco Secure ACS for AAA. A single Cisco Secure ACS will be able to handle the
modest workload. A second server can be deployed for redundancy. The second
server should be set up as a replication partner to the primary server because
losing the Cisco Secure ACS would prevent users from gaining access to the
network. An example of a Cisco Secure ACS deployment in a small LAN is shown in Figure . Access to the system hosting the Cisco Secure ACS should be limited to as small a number of users and devices as necessary. In Figure , this is achieved by connecting the Cisco Secure ACS host to a private LAN segment on the firewall. Access to this segment would be limited only to the Cisco Catalyst Switch client and those user machines that require HTTP access to the Cisco Secure ACS for administrative purposes. Normal LAN users should not be able to see the Cisco Secure ACS at all.
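The access restriction described above, written out as an added configuration example that is not part of the original document: an extended access list on the firewall interface that fronts the private Cisco Secure ACS segment, permitting only the Catalyst switch (RADIUS and TACACS+) and a small administrative subnet (web interface) and dropping everything else from the normal LAN. The IOS access-list syntax, all addresses, the interface name, and the port choices (UDP 1812/1813 for RADIUS, TCP 443 for the administrative web interface) are assumptions; the original text only states which parties need to reach the host.

```cisco
! Added example (not from the original document). All addresses are constructed.
! 10.10.0.2      = Catalyst switch acting as the AAA client
! 10.10.100.10   = Cisco Secure ACS host on the private firewall segment
! 10.10.50.0/29  = administrative workstations allowed to use the web interface
ip access-list extended ACS-SEGMENT-IN
 remark RADIUS authentication and accounting from the switch only
 permit udp host 10.10.0.2 host 10.10.100.10 eq 1812
 permit udp host 10.10.0.2 host 10.10.100.10 eq 1813
 remark TACACS+ from the same switch for device administration
 permit tcp host 10.10.0.2 host 10.10.100.10 eq tacacs
 remark Administrative workstations to the ACS web interface (port assumed)
 permit tcp 10.10.50.0 0.0.0.7 host 10.10.100.10 eq 443
 remark Normal LAN users must not see the ACS at all: drop and log the rest
 deny ip any any log
!
! Apply on the firewall interface that leads into the protected ACS segment,
! so the list filters traffic entering that segment
interface GigabitEthernet0/2
 description Private LAN segment hosting Cisco Secure ACS
 ip access-group ACS-SEGMENT-IN out
```

The logged deny line is what lets an operator notice a normal LAN host probing the ACS segment; on a PIX or ASA firewall the same policy would be expressed with that platform's access-list and access-group syntax instead.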
Large Network Environment
In a larger network that is geographically dispersed,
speed, redundancy, and reliability will be important in determining whether to
use a centralized Cisco Secure ACS service or a number of geographically
dispersed Cisco Secure ACS servers. Network speed can be important in deciding
how Cisco Secure ACS should be deployed because delays in authentication
introduced by the network can result in timeouts at the client side or the
switch.
A useful approach in large extended networks, such as for a
globally dispersed corporation, is to have at least one Cisco Secure ACS
deployed in each major geographical region. Depending upon the quality of the
WAN links, these may act as backup partners to servers in other regions to
protect against failure of the Cisco Secure ACS in any particular region. In Figure , Switch 1 is configured with Cisco Secure ACS 1 as its primary AAA server but with
Cisco Secure ACS 2 of Region 2 as its secondary. Switch 2 is configured with
Cisco Secure ACS 2 as its primary but with Cisco Secure ACS 3 as its secondary.
Likewise, Switch 3 uses Cisco Secure ACS 3 as its primary but Cisco Secure ACS
1 as its secondary. In this way, AAA WAN traffic is minimized by using a local
Cisco Secure ACS as the primary AAA server, and the number of Cisco Secure ACS
units required is also minimized by using the primary Cisco Secure ACS from
another region as the secondary when necessary.
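The arrangement for Switch 1 (local Cisco Secure ACS 1 as primary, Cisco Secure ACS 2 of Region 2 as secondary), written out as an added configuration example that is not part of the original document. It assumes RADIUS is the AAA protocol and uses the IOS `radius server` / `aaa group server radius` syntax; server names, addresses, the shared-secret placeholder, and every timer value are assumptions. The order of the `server name` entries inside the group is what makes ACS 1 primary and ACS 2 secondary, and the timeout, retransmit, and dead-criteria values are chosen so that the switch abandons an unreachable local server and tries the remote one before the endpoint's own authentication timer expires, which is the timeout problem the text raises.

```cisco
! Added example (not from the original document). Switch 1 in Region 1.
! Addresses, names and the shared secret are constructed placeholders.
aaa new-model
!
! Cisco Secure ACS 1: local to Region 1, reached over the LAN.
! Up to 1 + 2 attempts of 3 s each = 9 s before the next server is tried.
radius server ACS1-REGION1
 address ipv4 10.1.100.10 auth-port 1812 acct-port 1813
 key <SHARED-SECRET-PLACEHOLDER>
 timeout 3
 retransmit 2
!
! Cisco Secure ACS 2: the primary server of Region 2, used here only as
! secondary. The WAN round trip is longer, so each attempt is given 5 s.
radius server ACS2-REGION2
 address ipv4 10.2.100.10 auth-port 1812 acct-port 1813
 key <SHARED-SECRET-PLACEHOLDER>
 timeout 5
 retransmit 2
!
! The order of the "server name" lines is the failover order:
! ACS 1 (local) first, ACS 2 (Region 2) only if ACS 1 does not answer.
! deadtime: minutes a server marked dead is skipped, so every new
! authentication does not first wait the full 9 s on a failed ACS 1.
aaa group server radius REGION1-AAA
 server name ACS1-REGION1
 server name ACS2-REGION2
 deadtime 10
!
! Declare a server dead after 3 unanswered requests within 5 s
radius-server dead-criteria time 5 tries 3
!
! Use the regional group for 802.1X authentication, network authorization
! and accounting on this switch
aaa authentication dot1x default group REGION1-AAA
aaa authorization network default group REGION1-AAA
aaa accounting dot1x default start-stop group REGION1-AAA
dot1x system-auth-control
```

Switch 2 and Switch 3 use the same shape with the server order rotated (ACS 2 then ACS 3, and ACS 3 then ACS 1), which is how the figure's ring of regional primaries doubles as each region's secondary without adding servers. When checking the timers, add the worst-case time for every server in the group (here 9 s plus 15 s) and compare it with the supplicant and switch-side authentication timeouts, since a sum that exceeds them turns a server failure into the client-side timeout the text warns about.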
The model may be extended
further down to campus or even individual site level if reliable high-speed
connections between locations are not available, or if the performance
requirements of the individual sites call for local servers. The same consideration applies to an external database used by the Cisco Secure ACS: the database should be deployed near enough to the Cisco Secure ACS installation to ensure reliable and timely access.